cpanel interview questions
Top cpanel frequently asked interview questions
Using cPanel on my shared web hosting account, I set up a WebDAV directory and account.
But neither the Wizard-based "Add a network location", nor the net use approach result in any successful connection: They both basically say that they were not able to authenticate the user.
Is there a systematic, methodical step-by-step recipe to make this work on Windows 7 (64-bit)?
(connecting to the same WebDAV from Windows XP works fine)
Source: (StackOverflow)
My father-in-law asked me for ideas to improve his email security. He read an article about how some hackers, having gained access to a Gmail account, were able to reset the account holder's passwords for other services, such as Amazon.
This is what I've come up with so far, but more brainpower would really help as I've never thought of this before, so all critique and suggestions will be warmly welcome.
Starting Point:
He has a website hosted on a LAMP / cPanel system, and his current email goes through the website's domain. The email account is set up in cPanel. He retrieves his email via pop3, deleting it from the server. I'm thinking this might be a decent starting point? No need for iMap as he only has one computer (no iPhone) and he deletes it as he goes?
Next Steps:
I am thinking to get him to set up several address forwarders on his cPanel: one for his bank, one for Amazon---basically one for each of the few accounts that are linked to a bank or a credit card. These forwarders would all forward to one central address, also set up in cPanel, which would be "private", in the sense that he would not use it to send emails. He would only use it to retrieve email via pop3.
Also thinking of getting him to can store his email on his computer on an encrypted virtual drive using TrueCrypt.
With this set-up it seems to me the messages are vulnerable in a few places:
- in transit from Amazon to his server, than from his server to his computer. Not much we can do about that as his bank or Amazon are not going to send him encrypted email.
- while stored on his cPanel LAMP set-up. I wonder how safe (unsafe) that is. If it was a shared host I'd be very worried. Being a VPS it might be a little safer. But still... Someone could hack in... How likely is that?
- on his computer, if someone gains access while he is logged in and the virtual drive is mounted.
Big thanks in advance, looking forward to your thoughts.
UPDATE: SUMMARY OF REPLIES SO FAR
How lucky, several thoughtful and detailed replies came in so far.
Summarizing the replies so far.
Using the Web
- His router should be hardened, for example disallowing the Internet remote management console. Be mindful of the fact that a hack could reveal his IP address and ISP login password.
- Use long and complex passwords that are unique to each on-line account that he uses. Strong passwords (16 characters or more)
- Creating different email accounts off one domain for different services: Pros: prevents the "Epic Wired hacking". Cons: increases the number of vulnerable nodes
Use a secure browser. For Firefox, see Top 10 Best Firefox Security Add-ons, esp. noscript
Retrieving Messages (Thunderbird)
- Use SSL
- PGP encryption for sensitive correspondence (requires the counterpart to have a key)
Local Machine
- Firewall
- A good anti-virus suite is also a must.
- Disable unused network services
- Encryption => Applications leak an unbelievable amount of data throughout the whole system in caches and logs, rendering a solely encrypted local mailbox somewhat irrelevant. If you encrypt, Truecrypt the whole drive.
Hardening the Server
- Uninstall every unessential service or product that may listen or access the Internet and more.
- Grsecurity or a similar system to prevent buffer overflow attacks
- He should login to his webserver using its IP address and not the domain-name which can redirect him elsewhere: If a DNS server is hacked, then when browsing he could find himself confronted with a login page to any website or even his own server that is an exact duplicate of the real page.
Fischer's Set-up
(Special category as Fischer's workflow is different system from the other replies)
- If you don't know how secure your lamp server is, host it on outlook.com instead (free)
- Forward all email accounts to GmailAC#1 and delete from server
- After reading, PGP-encrypt messages and forward to GmailAC#2
- Retrieve via Thunderbird
Source: (StackOverflow)
I find it very convenient to administer my whole server by logging in as root.
However, CSF tells me that it is a "considerable risk" to allow login to FTP via root, and other websites I googled concur.
Why is this, and should I really be too worried about it? Is it OK to leave it or would the risks outweigh the benefits even in my case?
Source: (StackOverflow)
I want an app that will change all server password for me on a weekly basis (whm and cpanel) and allow for an easy way for admins to get this new password each week. (I want to tighten security).
I use WHM and cPanel. Any suggestions?
Source: (StackOverflow)
how to enable or install pdo extansion for php , i cant use easyapache and i cant find php.ini in WHM
after install script on host i get this error:
Fatal error: Class 'PDO' not found in /home/jafar/public_html/model/db.cls.php on line 29
script dont have any problem and work correctly on localhost.i think if i can install or enable it can successfull run and install script.
Source: (StackOverflow)
I have a dedicated server and I am installing cPanel on it.
I am wondering if I should also install an SSL certificate (that I will have to buy) just for the cpanel install itself.
Source: (StackOverflow)
Hostgator told me on a support call over a year ago that Windows 7 had issues with Webdav because of digest authentication. They also said that future versions of Windows would solve the problems with Webdav.
However Windows 10 is giving me the same grief. I don't know if the problem lies with Windows 10 or Hostgator.
Windows 10 typically loses the mapped Webdav connection on each reboot. I'll often have to reboot 8 or more times to get Webdav to connect. Each time I will run their connection script to connect. However Windows responds with an error that I can't access the network path because I don't have permissions.
I'm getting really tired of deleting the mapped drive and rebooting a dozen times.
The site uses cPanel and it is using digest authentication.
Update:
I have migrated to a new provider that is much more up to date than my previous hosting company. The problems persist, so it doesn't seem to be an issue that is solely their responsibility.
Sometimes if I delete the connection before reboot, it can be reconnected afterwards. Sometimes it still takes multiple reboots.
Source: (StackOverflow)
I am on Cpanel. I have root access.
When I create a new domain, a new user is created. Let's call it example.com with the user name being example. This will create:
/home/example/www/
For WP to work here, it requires the same access as apache. So I usually, for updating etc, need to give "nobody" user access.
However, for FTP etc to work normally, I need files and folders to be owned by the user (example in my case).
What do people recommend. Should I add example to the nobody group? Or what else?
This is driving me up the wall.
Thanks!
Source: (StackOverflow)
UPDATE 2/23/2016
I think my original question was confusing, so I am going to rephrase it: I have my own dedicated nameservers running cPanel DNS Only! I want to know how to give other people vanity nameservers!
Our company has its own dedicated nameservers running cPanel/WHM DNS Only, which are using the hostname ns1.ourcompany.com ns2.ourcompany.com and so forth.
One of our clients is a reseller and wants to use our nameservers but would like to white label them so that it says ns1.theircompany.com, ns2.theircompany.com and so forth.
Is there a hostname alias option that the nameserver will respond to? How would we achieve this?
I've read many time that using CNAME for nameservers is a really bad idea, so I am guessing that is not an option.
UPDATE Feb 2016
I've created A records to point to the nameserver IP addresses and it works! I don't know why it works and how I could prevent someone from pointing to them with a different domain. So if I pointed them to CloudFlare I could use cloudflare as the nameservers? How would CloudFlare prevent that? Also why would creating a CNAME record instead of an A record not work? It has been working for me on Amazon Route 53.
Source: (StackOverflow)
I am running centos, cpanel/whm, and I have cpulimit installed.
The problem I am having is one of my users is using an extreme amount of cpu usage. Over 100% consistently and it's slowing down my server.
Further problem is they are a friend and not malicious so I don't want to suspend them.
Also what further is an issue is that I can't limit it by process, because this process changes every second. It's a different process every time.
I tried the following but it doesn't work.
cpulimit -l 10 -e /home/[username]/public_html/theirwebsite.org/index.php
I just get returned,
No process found
No process found
No process found
No process found
No process found
No process found
etc
There are two things that are using that extreme cpu usage.
First thing is that file at that location, index.php.
Other is [php], whatever that means in WHM. But mainly the index.php is the problem.
If I could limit that index.php file in that location, that might help mitigate this issue.
By the way, I tried the -P flag but that isn't available as an option unlike the documentation.
cpulimit -l 10 -P /home/[username]/public_html/theirwebsite.org/index.php
returns
cpulimit: invalid option -- 'P'
Usage: cpulimit [OPTIONS...] TARGET
OPTIONS
-l, --limit=N percentage of cpu allowed from 0 to 1600 (required)
-v, --verbose show control statistics
-z, --lazy exit if there is no target process, or if it dies
-i, --include-children limit also the children processes
-h, --help display this help and exit
TARGET must be exactly one of these:
-p, --pid=N pid of the process (implies -z)
-e, --exe=FILE name of the executable program file or path name
COMMAND [ARGS] run this command and limit it (implies -z)
So looks like I have to do it with the -e flag.
Ideally however I would like to limit the entire user account.
And yes I know about cloudlinux but I can't do that right now. Until I can do that I need help doing it manually with something that doesn't require a server reboot.
Source: (StackOverflow)
I plan on moving some WHM/cpanel accounts to a new server, I am under the impression that during transition, some emails might land on old server even if the files have already been copied to the new server.
Is it possible to prevent this so that all incoming emails during the transition won't get lost?
Source: (StackOverflow)
I was working on my website two days ago then was unable to access the cpanel. Then suddenly yesterday I was blocked completely.
I couldn't connect through ftp, cpanel login, domain name or ip address. I tried different computers and flushed dns cache.
I contacted my administrator and he said it was working fine. Then I tested on my iPhone and everything loaded fine. I then tested through proxy servers, some were successful at loading.
Is this a problem with my ISP or my router? How do I fix it if it's my router? The configuration options available on my router are super-basic to say the least, even with 'advanced settings' on.
Source: (StackOverflow)
strangely I cannot run the sudo command for every new account I create that is not root. The server is completely new and wasn't touched so I don't know what's wrong.
for every command I try to run with sudo with a normal user I get
sudo: effective uid is not 0, is sudo installed setuid root?
I tried various solutions I found on the web including
chmod u+s /usr/bin/sudo
and
chown -R root:root /usr/bin
but nothing helped.
ls -l `which sudo`
shows
-rwsr-xr-x. 1 root root 123832 Oct 15 02:14 /usr/bin/sudo*
and finally
type -a sudo | awk '{print $NF}' | xargs ls -lF
gives
-rwsr-xr-x. 1 root root 123832 Oct 15 02:14 /usr/bin/sudo*
what could be the issue?
Source: (StackOverflow)
Here is the base of my problem: I would like to add sudo rights to a user, but not to use it as root for security reasons.
I have a PHP script needing to run a command (drush) through exec(). However, the PHP is run as a user and I want the command to be executed as another user. This is required because if not, there is a permission problem to write in the other user's directory.
The drush command itself works, I've made it available to all users.
The current user (A) is a cPanel reseller that created the other account/user (B).
I can run exec('ls -la') as user A and it will return the CWD's contents as long as we are in user A's home directory. The same code with added sudo fails as user A is not in the sudoers list.
The final command downloads files to user B's directory and looks like:
'<pwd> | sudo -S -u <usrB> drush dl drupal <irrelevant options>'
-S is supposed to automatically execute the command as user B using his password.
Running the exact same command as root works perfectly.
I wanted to know if there is a way to add user A to the sudoers without access as root, and if that would be safe to prevent potential security flaws. If it isn't possible, are there alternatives? I saw one could exclude directories from sudoers using !, but then I realized that this would be quite flawed.
Please note that I'm a developer, so even though I know some basics, I'm not a pro. Server is running CentOS 6.5, WHM/cPanel, and I have root access if needed. The idea is that a one-time setup will prevent configuration upon new user creation.
Source: (StackOverflow)
Would it be possible that when a normal user logs in to root via su command an email notification will be sent?
Source: (StackOverflow)