cPanel’s biggest bug, login with root password

I don’t know whether it is a bug or a feature. However, as this is unexpected, undoubtedly it is bug.

The problem is that, when you try to login to cpanel’s domain owner interface (2082, 2083), if you provide a password that matches root password, it will give you root access even though you did not used root as username.

For example, you have a domain mydomain.com hosted using cpanel, also suppose the username and password is mydomain and xXx123XX respectively. If for some, the root password of this server is same as your password, you will get the root access unwillingly though you were trying to simply login to your control panel.

Yes, anyone can get root access using the combination of root and xXx123XX when desires so. But won’t you surprise when you get such privileges even without knowing? You don’t know that server’s root password and but mere matching of password will give you unlimited access to server.

I hope they will fix it soon.

cPanel: Enable/disable specific webmail application per user

Today, I faced a situation where I need to show single webmail application to cPanel control panel user. Usually there are three (3) webmail clients. These are horde, squirrel mail, roundcube. However, I was advised to make sure that a specific customer does not see more than one specified. I suggested, ‘Enable Autoload’ feature which did work indeed but did not satisfy him. Then I opened a thread in cPanel forum and I got the following solution. That’s is easy. I quote the whole post here.

You can enable and disable webmail applications as per user accounts. Continue reading →

cPanel database administering class

It is long time since I have worked with cPanel. My last work was cPanel Email Management  script that enables us to create/delete email accounts from outside of cPanel.

Today I have worked with another cool thing. I have created similar class for database. Using this class, anyone can easily create/delete database and database users.

Current Features:

  1. Create database
  2. Create User
  3. Grant Privileges
  4. Delete Users -> Supports deleting multiple users at a time. See the example in test.php
  5. Delete Database -> Supports deleting multiple databases at a time. See the example in test.php
  6. Check if database exists
  7. Check if user exists

Requirements:

  1. cPanel server
  2. English as language of cPanel
  3. cURL

Please let me know your suggestion if you use this class.

Download V1.0

Special thanks to Sajjad Hossain for helping me during the development.

Update: 02-07-2009
– The class is approved in phpclasses.org. Click here to visit.

kazila.com review

As a part of my hosting company assessment, in July I tested kazila.com. I found there name in WebHostingTalk forum. They were offering 600GB of space for $3.95/month. Isn’t it fair than so called unlimited space offers? But if you ever go for purchasing a dedicated server, you will know how easily it is impossible 😉 to offer 600GB storage at $3.95 with 6TB transfer (without multiple overselling!).

Anyway, yet I still interested to test them as their sign up fee is not high. After reading their TOS I have proceed to sign up with them. After account gets approved, now I need to store files. An idea came to my mind; I transfered about 20GB from my another server to this new account. The files were archives of my websites.

After one day, I got email that my account is suspended. I asked them why they suspended it. They replied, storing backups/archives is not allowed. But swear, there was no such term in there Terms & Conditions. I told them about this but they were rigid. Later, I told I will remove the backups after a few days. They then unsuspended it. After one/two days again they suspended it. They send an email regarding this. I guranteed to remove the files. So they undo it. I then removed the files (in fact for my sites security reason) and I never get back to them again.

Setting up Remote MySQL in cPanel

Today my client was facing problem to setup a remote mysql connection. He wanted to connect a database which belongs to another server and domain. Its fairly simple. But most of the tasks remains on the remote server.

Suppose, your remote domain/server is www.remote.com and your scripts are running in mydomain.com. I assume that you already have a database in the remote.com. We just need to access it from remote server. Also assuming that your database name is remoteco_main. Note, all databases & also usernames (for database connection) in cPanel are prefixed by your username of cPanel and _ (underscore). So remoteco in remoteco_main is the username of cPanel. So you have a complete database, username & password setup which works on remote.com. Continue reading →

Permission denied: .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Do you get the following error message when you try to visit a site/your site?
Forbidden
You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

You may see this message when you try to visit a folder in your domain like http://xenexbd.com/hello/. Most of the time, I have found this error for subdomains like http://hello.xenexbd.com. Most probably this is very common in a cPanel server. You may get this error after your install/uninstall FrontPage Extension in the main domain. I was repeatedly facing this problem. I usually solved it by installing/uninstalling/reinstalling the FrontPage extension on that subdomain. Continue reading →

cPanel Bug

I am a regular user of WHM & cPanel. Recently I found a bug in cPanel Release Build 20683 which is now running in three of our servers.

You login to WHM. Then Click List Accounts. Your hosted domains will be listed. You should noticed that there is an quick password and email changer from some recent builds. To change password and/or contact address of any domain, there is + following by the domain name. Now you click on the + icon for a domain. You will see the password of that domain is shown in the contact address box.

You will discover the same problem if you login to cPanel for first time with RVSkin theme. This will (I have found with RVBlue) ask you to enter your email address as soon as you login to cPanel. In the contact Continue reading →

cPanel Email Management

Ahh! Thanks Allmighty. At last I have finished the 1st version of cPanel Email Management Script. From three days I am working on it. Though today, I mistakenly deleted two core files 🙁 . So I had to start over.
Using this scripts anyone can give free email service to his visitors. Users can auto signup and manage their accounts. Admin also have some controls. The features are:

  • Users can registers themselves without intervention of site Admin
  • Admin can specify the quota for accounts
  • It can check whether the email address is already taken or not
  • Auto welcome mail to the new account
  • Auto notification to site admin
  • User can change their password
  • User can recover their password using Alternate email address
  • Admin can see all accounts
  • Admin can change password of any account from admin panel
  • Admin can change quota of any specific account
  • Admin can Lock/Unlock account (Locked accounts are red marked in Admin Panel)
  • Admin delete any account
  • You can easily customize/modify the source code to suit your need.
  • Separate Language File. You can now translate it to your own language. New
  • Captcha for preventing bots. New Continue reading →

cPanel User Guide & Tutorial

cPanel BookI am using cPanel for more about 4 years. I wonder, how many features I did not know about until I read the book cPanel User Guide and Tutorial written by Aric Pedersen, working as System Administrator for Netenberg.com and several other companies.

The author has described each and every feature of cPanel. The first chapter covers the fundamentals & tips of selecting a good hosting company, very much important for fresher to website hosting.

The book thoroughly discussed how to manage FTPs, Files, Subdomains, Addon/Parking domains, Emails, Website Statistics, Backup/Restore Data, Script Installations using Fantastico. Continue reading →

WHM Book

Managing a remote web server is never an easy game. I know many people who are not familiar with non-windows operating systems hence don’t wanna buy dedicated server as it takes much time to learn and managing server is bogey job for many. But now I believe the book titled “Web Host Manager” by Aric Pedersen should be the greatest gift of 2007 (as I reviewed it this year). I think anyone can easily manage his own web server using WHM within a few weeks after thoroughly reading this book. The book described each and every features of WHM including installing it on a fresh server or tweaking it on a ready server. The book also described about different issues of security and ways to resolve those. Continue reading →