Overview cPanel & WHM uses VirtFS to provide a jailed shell environment for users who connect to a server via SSH. The jailed shell acts as a container for the user, and does not allow the user to access other users’ home directories on the server.Unlike a normal shell environment, a jailed shell environment increases security for a server’s other users. Users in a jailed shell environment can run otherwise-unavailable...
cPanel
Login to WHM/cPanel server via SSH with root access and execute following commands:$ wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make $ chmod 700/scripts/before_apache_make And then recompile apache by previous saved profile:$ /scripts/easyapache That is all, you can also check for any symbolic links already created:$ find /home*/*/public_html -type l This will output directories and files...
Here is a quick script for you to check if your cPanel/WHM server is vulnerable. Execute the following as root. If you get ANY cipher output, your server can be considered vulnerable.for port in 21 443 465 993 995 2083 2087 2078 2096; do echo “Scanning $port”; for cipher in $(openssl ciphers -sslv3 ‘ALL:eNULL’ | sed -e ‘s/:/ /g’); do echo -n | openssl s_client -sslv3 -cipher “$cipher”...
Error log contains: [emerg] (28)No space left on device: Couldn’t create accept lock or [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock Configuration Failed Checking your disk shows that you have plenty of space. The problem is that apache didn’t shut down properly, and it’s left myriads of semaphore-arrays left, owned by my apache-user. Run: pcs -s | grep nobody Removing these semaphores immediately...
Many times malware php scripts are uploaded to sites when 777 (or just enough) permision folders are present. Sometimes you just can’t set permissions to a secure level (because of crap applications) so you have to secure these folders another way. One solution is to use .htaccess files for example to stop direct php access/execution in that folder/subfolders : #touch .htaccess content of .htaccess: <Files *.php> Order Deny,Allow Deny...
Not many CPANEL server admin knows that when they delete user account, there are some of those user files that still left on the server. Because user has been deleted, so the files will be owned by nouser. This can be a problem when your server is highly cycled (you add and delete users very frequently) because you can hit the system user limit. This means you cant create no more user on your system. Deleting user to add another one wont...