If you have CSF installed then check these two options:
# Distributed Account Attack. This option will keep track of login failures
# from distributed IP addresses to a specific application account. If the
# number of failures matches the trigger value above, ALL of the IP addresses
# involved in the attack will be blocked according to the temp/perm rules above
LF_DISTATTACK = Default: 0 [0-1]
# Set the following to the minimum number of unique IP addresses that trigger
LF_DISTATTACK_UNIQ = Default: 2 [2-20]
cPanel bugs me with this message every day on several servers. Seems its from the tool theplanet.com uses to handle backups.
Though I don’t understand why does it need uid 0 and why the “OwN3D” word. This does not look too professional.
Anyway to get passed this you can run :
sed -i ‘s/$user ne “planetbackup”/$user ne “toor” && $user ne “admin”/g’ /scripts/hackcheck; echo “/scripts/hackcheck” >> /etc/cpanelsync.exclude
This is the full email warning:
IMPORTANT: Do not ignore this email.
This message is to inform you that the account planetbackup has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should
verify that your system has not been compromised.
Under cPanel 11 you can install Ruby by running /scripts/installruby. This will install both ruby and rubygems.
root@main [~]# ruby -v
ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-linux]
root@main [~]# gem list
*** LOCAL GEMS ***
If you get this error while trying to access Awstats in cPanel, make sure that /usr/local/cpanel/3rdparty/bin/awstats.pl has 755 permissions.
1. First thing you need to login whm/Cpanel interface using root account and WHM >> Main >>Statistics Software Configuration
a. Check on Awstats under “Generators Configuration”
b. tick Allow all users to change their web statistics generating software.
c. disable all other stats log viewer.
You you may need to generate the log files manually for the initial verification,
You can use SSH to update the stats by issuing the following command:
You can now see that “last update” option enabled in cPanel>>Logs >>Awstats ”
If it is not there, do the following ,
You can also verify that the setting is actually enabled, by checking the AWStats Configuration File for a particular user.
1. Login via SSH as root
2. cd /home/username/tmp/awstats
3. grep AllowToUpdateStatsFromBrowser awstats.example.com.conf
4. It should be set to AllowToUpdateStatsFromBrowser=1
5. If not, edit the file and save.
6. restart cpanel : service cpanel restart
Since cPanel already have scripts to backup/restore individual accounts all you have to do is to:
This will create a backup of and in order to restore it run:
Note that you will have to run this commands as root and in order to restore you need to be in the directory where the backup is stored.
One client has : 11.25.0-E43770 – WHM 11.25.0 – X 3.9 and seems that a lot of core files are create in /root or /usr/local/cpanel/install/ or /usr/local/cpanel/whostmgr/docroot/
To erase the core files just run :
updatedb && locate -r /core.[0-9] | xargs rm -fv
Also verify if /etc/init.d/httpd has :
ulimit -c 0
How to upgrade MySQL 5.0 to MySQL 5.1 in a cPanel server
Login as root and edit /var/cpanel/cpanel.config.
Finally run: /scripts/mysqlup