Whostmgrd :: Stranger IP With Root Ownership And Command
Jun 28, 2008
When I checked the 'Current CPU Usage' in root WHM, there was a strange IP with root ownership and the command: whostmgrd - serving xxx.xxx.xxx.xxx
Also there was my IP with this ownership and command, like every time I am viewing the WHM.
I blocked this IP with apf immediately and changed the root password.
Does it mean someone was in root WHM?
I have a dedicated server with cPanel on CentOS 4.6 / chkrootkit and rkhunter / all of the server's software is up to date / compilers disabled for users / PHP open base dir is enabled and my users do not have SSH access.
Due to a typo at the command line as root, I've managed to change the ownership of an unknown amount of files.
The command that was processed (before it was complete):
chown -R reseller:reseller /
I managed to stop the process with Ctrl+C and these were the last files to see fly past. The last one in the list is where it stopped.
Code:
chown: changing ownership of `/proc/11566/task/11566': Operation not permitted
chown: changing ownership of `/proc/11566/task/11566/fd/0': No such device or address
chown: changing ownership of `/proc/11566/fd/0': No such device or address
chown: changing ownership of `/proc/11572': Operation not permitted
chown: changing ownership of `/proc/11572/task/11572': Operation not permitted
chown: changing ownership of `/proc/11572/task/11572/fd/4': No such file or directory
chown: changing ownership of `/proc/11572/task/11572/cwd': Operation not permitted
chown: changing ownership of `/proc/11572/fd/4': No such file or directory
chown: changing ownership of `/proc/11572/cwd': Operation not permitted
chown: changing ownership of `/etc/X11/X': No such file or directory
chown: changing ownership of `/dev/core': Operation not permitted
chown: changing ownership of `/usr/local/include/libpng/libpng12': Too many levels of symbolic links
At the moment the server is still running and it seems there are only login issues with DirectAdmin. All user / reseller / admin accounts can no longer log in.
Error after logging in: Unable to determine Usertype user.conf needs to be repaired
No images or nothing.
Check /tmp ownership WARNING /tmp should be owned by root:root
The /tmp seems to be set to nobody:nobody. Is it a security risk? Other options are set fine on /tmp:
Check /tmp permissions OK
Check /tmp is mounted as a filesystem OK
Check /tmp is mounted noexec,nosuid OK
Does anyone here know who owns Rackedge NL? Are they a member of this forum? I am having a real bad problem that certainly defies logic and reason, and I can’t seem to get any replies from either member McRox or the Support team.
Rather than posting wildly around the net about them and this issue, I would prefer to first ensure this isn’t just a big misunderstanding, so any details anyone can offer on this.
There are only 3 people I have been in contact with in this company: McRox (member of this forum), Tony Deeman (Support), John de Groot (Sales).
I have it setup and have a user created that can upload files to my website.
The problem that I am running into is that the files that this user uploads are owned by him, not the cPanel website user. Thus when I try to view the page in my browser I get a server 500 error, since the site is set to only serve up pages that are owned by the cPanel website user.
When using FTP in the same way we did not have this problem as the file that was uploaded would automatically be owned by the cpanel website user.
I got an unmanaged VPS and I do not know why I often see folders and files whose ownership belongs to apache instead of myself, and I have to manually reset ownership via the DirectAdmin file manager or SSH in to do it. Can anyone advise me how to fix this problem, as in anything I can do to stop all these apache ownership problems?
Another thing about DirectAdmin: I select all folders and files at once trying to reset ownership, but I always get an error and have to reset ownership one by one, wasting time.
One of my customers wants me to change the ownership to nobody and group to apache in a directory created in the home directory of his website. I want to know whether doing so will pose any security problem. Also is there any advantage of changing the owner to nobody and group to apache?
I have been battling this for a while. A user will set up a CMS like Joomla, e107, etc. and every time the CMS changes files, either with user interaction on the website or the admin changing things in their CMS admin web page, apache takes ownership of the files.
I have tried installing suPHP, FastCGI, and most recently suexec. I am not having any luck with this. I really don't know what I am doing with these recent additions, but am mainly going on suggestions. Does anyone know of a walkthrough to fix this permission problem? Anyone with some good advice? Surely not everyone is having to write a script to chown each user's dir and run a cronjob every 5 minutes.
I have to mass change the ownership of accounts and I find "Change Owner of Multiple Accounts" tedious.
I found a bash script but I'm not sure if this works
Quote:
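#!/bin/bash
IFS="$"
cd /var/cpanel/users || exit 1
if [ "$#" -eq 2 ]; then
    # Rewrite OWNER=<old> to OWNER=<new> in every cPanel user file.
    # "replace" is the string-replacement utility shipped with MySQL; it matches
    # by substring, so an old login that is a prefix of another login also matches.
    replace "OWNER=${1}" "OWNER=${2}" -- /var/cpanel/users/*
else
    echo "USAGE: ${0} <old reseller login> <new reseller login>"
fi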
If that works, how can I tweak it so that the change in ownership of accounts will be based on the hosting package and not on the old reseller account?
run a command on /var/git to set rights and owner without being cautious enough. I have run chown git:git .* -R which did not only run downwards in the tree but upwards as well :-(
Any way to reset permissions and ownership for the directories back to standard? I tried /usr/local/psa/bin/repair already. It did a lot of the fixes, but not all is in line yet.
I have read that although chained root ssl certificates can be more difficult to install they are actually more secure since the root certificate cannot be compromised, only the intermediary.
Is this true? It looks like both Google and Amazon use chained SGC certs.
Is there a command I can type into the SSH console to stop a current transfer that I started with the wget command?
The file I'm wgetting always stuffs up at 51%, but then the server just retries and starts again. It's done it 3 times so far and I just want to completely cancel the process if possible.
For example, my current path on the server is root@server [/home/user1/public_html/upload]# and I wanna copy everything inside directory upload to /home/user1/public_html/ but when I used this command:
root@server [/home/user1/public_html/upload]# cp -r -f *.* /home/user1/public_html/
then it just copies files. Is there any way to copy folders as well?
I'm using the 'top' command on my server to view the memory and CPU usage. To save me sitting in front of my PC for hours looking at it, is there any way I can save it to a text file for viewing later on?
After configuring all the ports, I start the firewall with this command: /usr/local/sbin/apf -s
and I got:
: command not foundline 438: kN:q : command not foundline 438: kN:q : command not foundline 438: kN:q Development mode enabled!; firewall will flush every 5 minutes. : command not foundline 438: kN:q
Can you please provide a clamscan SSH command to scan all sites' public_html folders? I know "clamscan -i -r --remove /home/" can scan the whole /home directory and sub-directories, but it can cause heavy CPU usage and server load!
Code:
zip ../d/db/backup.zip ../d/db/09-02-15.sqlite
backup.zip never appears. Instead, I get some random filename in the directory. Like ziOHokOw
If I try to zip a smaller file(last weeks backup) everything runs fine?
Code:
zip ../d/db/backup.zip ../d/db/09-02-08.sqlite
So the 134mb file zips fine, but the 200mb one seems like it's failing and I'm left with some type of temporary file. I tried downloading the weird filename and unzipping it. It has partial info like directory structure and the filename, but the actual file inside is corrupt.
I have recently bought a VPS hosting package. At the moment I am going through the tutorials on the net that I researched before getting a VPS package, to give me some understanding of what I need to do to secure the server and also how to install the software that I require.
For most of today, I have been trying to sort out a problem that I am currently having.
Namely, I am trying to sort out a part of the tutorial from a website that requires the use of apt commands.
But for every command I am getting the message back apt..... Command not found. I am currently using the Ubuntu operating system. And through some research, I have got the feeling that I might have the bare installation done on my server to just make it work.
Would I be right, and with the bare installation apt commands wouldn't be installed?
If I am, how would I go about installing the Apt commands and anything else that I might require?
Can I activate the deletion command for 10 or 30 mins and then stop it? I think by this way we can't delete some files from the dir and not all the files, so I can edit my files.
I want to do this because my server doesn't respond to any file system command because my hard disk is full! So I need to remove some files by any way.