Enable cPanel CSF email bruteforce protection

If you have CSF installed then check these two options:

# Distributed Account Attack. This option will keep track of login failures
# from distributed IP addresses to a specific application account. If the
# number of failures matches the trigger value above, ALL of the IP addresses
# involved in the attack will be blocked according to the temp/perm rules above
LF_DISTATTACK = Default: 0 [0-1]

# Set the following to the minimum number of unique IP addresses that trigger
LF_DISTATTACK_UNIQ = Default: 2 [2-20]
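
The counting rule those two comments describe, as an added example (not CSF's own code, which this page does not show): failures are grouped per account, and an account's source IPs are returned for blocking only when the failure count reaches the trigger and at least LF_DISTATTACK_UNIQ distinct IPs are involved. The log format, the function name and the trigger parameter are assumptions, and failures are counted over the whole sample rather than over a time window.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified format (not real CSF or mail-server output).
SAMPLE_LOG = """\
03:14:01 auth: failed login user=<info@example.com> rip=198.51.100.7
03:14:02 auth: failed login user=<bob@example.com> rip=203.0.113.50
03:14:03 auth: failed login user=<info@example.com> rip=203.0.113.9
03:14:04 auth: failed login user=<bob@example.com> rip=203.0.113.50
03:14:05 auth: failed login user=<info@example.com> rip=192.0.2.44
03:14:06 auth: failed login user=<carol@example.com> rip=192.0.2.80
03:14:07 auth: failed login user=<bob@example.com> rip=203.0.113.50
03:14:08 auth: failed login user=<info@example.com> rip=198.51.100.7
03:14:09 auth: failed login user=<bob@example.com> rip=203.0.113.50
03:14:10 auth: failed login user=<info@example.com> rip=203.0.113.9
03:14:11 auth: failed login user=<carol@example.com> rip=192.0.2.81
03:14:12 auth: failed login user=<bob@example.com> rip=203.0.113.50
03:14:13 auth: login ok user=<info@example.com> rip=192.0.2.10
"""

LINE_RE = re.compile(r"failed login user=<(?P<user>[^>]+)> rip=(?P<ip>[0-9a-fA-F.:]+)")

def distributed_attack_ips(log_text, trigger=5, uniq=2):
    """Return {account: sorted list of IPs to block} for accounts under distributed attack.

    trigger: hypothetical stand-in for what the csf.conf comment calls
             "the trigger value above" (that value is not shown on this page).
    uniq:    plays the role of LF_DISTATTACK_UNIQ (minimum unique source IPs).
    """
    failures = defaultdict(int)   # account -> total failed logins
    sources = defaultdict(set)    # account -> distinct source IPs seen failing
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        failures[m["user"]] += 1
        sources[m["user"]].add(m["ip"])
    # Both conditions must hold: enough failures AND enough distinct sources.
    return {
        user: sorted(ips)
        for user, ips in sources.items()
        if failures[user] >= trigger and len(ips) >= uniq
    }

if __name__ == "__main__":
    for account, ips in distributed_attack_ips(SAMPLE_LOG).items():
        print(account, "->", ", ".join(ips))
```

In the sample, bob@example.com has five failures but from a single IP, so it is not reported here, and carol@example.com has two source IPs but stays below the trigger.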

planetbackup has a uid 0 account

cPanel bugs me with this message every day on several servers. Seems it's from the tool theplanet.com uses to handle backups.

Though I don't understand why it needs uid 0 and why the "OwN3D" word. This does not look too professional.

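Anyway, to get past this you can run the command below. The echo adds /scripts/hackcheck to /etc/cpanelsync.exclude so that cPanel updates do not overwrite the edited script:

sed -i 's/$user ne "planetbackup"/$user ne "toor" \&\& $user ne "admin"/g' /scripts/hackcheck; echo "/scripts/hackcheck" >> /etc/cpanelsync.exclude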

This is the full email warning:


IMPORTANT: Do not ignore this email.
This message is to inform you that the account planetbackup has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should
verify that your system has not been compromised.

Install ruby on cPanel

Under cPanel 11 you can install Ruby by running /scripts/installruby. This will install both ruby and rubygems.

root@main [~]# ruby -v
ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-linux]

root@main [~]# gem list

*** LOCAL GEMS ***

actionmailer (2.3.11)
actionpack (2.3.11)
activerecord (2.3.11)
activeresource (2.3.11)
activesupport (2.3.11)
cgi_multipart_eof_fix (2.5.0)
daemons (1.1.4)
fastthread (1.0.7)
gem_plugin (0.2.3)
mongrel (1.1.5)
rack (1.1.2)
rails (2.3.11)
rake (0.9.2)
rubygems-update (1.8.5)

How to enable awstats in cPanel

1. First, log in to the WHM/cPanel interface using the root account and go to WHM >> Main >> Statistics Software Configuration
a. Check Awstats under "Generators Configuration".
b. Tick "Allow all users to change their web statistics generating software".
c. Disable all other stats log viewers.


You may need to generate the log files manually for the initial verification.

You can use SSH to update the stats by issuing the following command:
/scripts/runweblogs [username]

You can now see the "last update" option enabled in cPanel >> Logs >> Awstats.
If it is not there, do the following to verify that the setting is actually enabled, by checking the AWStats configuration file for a particular user:

1. Login via SSH as root
2. cd /home/username/tmp/awstats
3. grep AllowToUpdateStatsFromBrowser awstats.example.com.conf
4. It should be set to AllowToUpdateStatsFromBrowser=1
5. If not, edit the file and save.
6. Restart cPanel: service cpanel restart

Howto backup or restore individual cPanel accounts from command line

Since cPanel already has scripts to backup/restore individual accounts, all you have to do is:


This will create a backup of and in order to restore it run:


Note that you will have to run these commands as root, and in order to restore you need to be in the directory where the backup is stored.