Is it possible to change the root password to a VPS from inside HyperVM? I currently have 4 VPSes set up and I need to change the password for one of the VPSes. Can I do this from inside HyperVM without having to go to SSH?
I'm still trying to figure this one out. I got an email last night about 10:30pm that a weird IP had logged in with root. I thought it was a guy that helps with tech things but I ran the IP... it came back from Korea and I knew I was in trouble. I immediately logged into WHM and changed the root password then sent the server down for a reboot. He was only in there for about 3 minutes before I nailed him. I've banned the IP from the server and have been watching it for nearly 12 hours now and they haven't come back yet.
Now comes the task of trying to figure out how he got the password. This is mind-boggling to me. He knew the password, like someone gave it to him... there were no incorrect guesses or brute force. The password was a series of random letters, both upper and lower case. Is it possible he got it through getting to /etc/passwd via a PHP script? I have open basedir restrictions in place, can they get around that? I noticed at the time he logged in there were several IPs trying to exploit PHP scripts on my server, you know, setting the parameters to txt files but I assumed with shell functions disabled (except exec) and with open basedir this wouldn't be possible. Is there a hole in cPanel / PHP / kernel recently I may have missed?
Code:
    #%PAM-1.0
    auth sufficient /lib/security/$ISA/pam_rootok.so
    # Uncomment the following line to implicitly trust users in the "wheel" group.
    #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
    # Uncomment the following line to require a user to be in the "wheel" group.
    #auth required /lib/security/$ISA/pam_wheel.so use_uid
    auth required /lib/security/$ISA/pam_stack.so service=system-auth
    account required /lib/security/$ISA/pam_stack.so service=system-auth
    password required /lib/security/$ISA/pam_stack.so service=system-auth
    # pam_selinux.so close must be first session rule
    session required /lib/security/$ISA/pam_selinux.so close
    session required /lib/security/$ISA/pam_stack.so service=system-auth
    # pam_selinux.so open and pam_xauth must be last two session rules
    session required /lib/security/$ISA/pam_selinux.so open
    session optional /lib/security/$ISA/pam_xauth.so id
I have VPSes with two companies that have managed/semi-managed support (depending on how you define it) and rely on them for a fair amount.
Whenever submitting a support request, I have to submit my root and cPanel passwords. Do people in my situation leave their root password as they would normally and just change it however often they would if it wasn't given to support? Or, do you change your root/cPanel passwords before making a support request, and then change it back after the ticket is closed?
No offense intended to either of the VPS companies or their personnel (that monitor WHT), both have been great. But, the reality is that I take it everyone at the company that has access to submitted tickets now has access to the root password, and since as a customer, I don't know when there has been employee turnover, that seems a security risk.
So, I am curious how others handle this. Not really sure if this belongs here or in the VPS forum, but since it could apply to any type of server/hosting account, I figured it belonged here.
How would I go about enabling the root user on a FreeBSD 6.1 system? I've got a dedicated colocated server (hardware, not virtual) and I can't for the life of me do anything with root. I can't "su", I can't "sudo", and I can't "passwd root". I've tried different shells, etc, but nothing works. I am the server admin, but I'm doing it remotely and I just can't figure this out. I know it's not, but I'm going to ask it for the sake of it being out there anyway: Is it possible that the server lacks a root user and that I'm unable to create one?
I have recently leased Kayako support suite and I have not been able to get email piping to work. They have asked several times for the root password of my dedicated server and I have denied it. They now tell me they cannot help me if I do not provide them with the password. I find this very ridiculous since I know it is not safe to give that password. Is it advisable to give them the password and then change it after they get Kayako working? What risks would I be going through?
I have just discovered a massive security problem in the cPanel 10.9 software. This problem is in the BACKUP FEATURE. If you do remote FTP back onto the same account, it will put the file in the account home directory and it will have this type of stuff: accountname:ROOTPASSWORD@serverhostname.com
We've had a customer do something strange to their server. They were playing with /etc/passwd or /etc/shadow or similar (not quite sure of the details) but the upshot is booting the server into single user and trying to reset the password via passwd gives
    passwd root (and any user)
    passwd: Authentication token manipulation error
So far I've:
Replaced /etc/passwd* and /etc/shadow* with a copy from another server
Turned off SELinux
/etc/pam.d/passwd is fine
Root file system is r/w
I have installed phpMyAdmin because I don't like the limitations of db management in Plesk, but I can't find the root password to access it. I read that Plesk renames the "root" user to "admin", but I can't find the password. Where is it?
I was just wondering if someone has made a new tool/script yet that will allow you to transfer cPanel accounts in bulk (not the old way of doing them one by one) to another server (VPS/Dedicated) without having root access?
Like I know in order to use the WHM's transfer from server to server you need root access on both servers, but I'm asking, if you have a Reseller account, and a VPS/Dedicated server, I know last time I checked the only way to transfer accounts over was by making a Backup file for each account and then transferring it over which can take a while if you are doing a lot of accounts.