cPanel’s biggest bug, login with root password

I don’t know whether it is a bug or a feature. However, as this is unexpected, undoubtedly it is bug.

The problem is that, when you try to login to cpanel’s domain owner interface (2082, 2083), if you provide a password that matches root password, it will give you root access even though you did not used root as username.

For example, you have a domain mydomain.com hosted using cpanel, also suppose the username and password is mydomain and xXx123XX respectively. If for some, the root password of this server is same as your password, you will get the root access unwillingly though you were trying to simply login to your control panel.

Yes, anyone can get root access using the combination of root and xXx123XX when desires so. But won’t you surprise when you get such privileges even without knowing? You don’t know that server’s root password and but mere matching of password will give you unlimited access to server.

I hope they will fix it soon.

cPanel introduced DNS Zone editor for end user

Finally they did it. DNS zone editing was a long waited feature for cPanel. A big portion of their customers were looking for such feature for a quite long time.

Recently I need it so badly that I started learning Perl. However, I won’t need to make it anymore.

It currently allows creating/deleting A and CNAME records through its Simple DNS Zone Editor and A, CNAME, TXT records through its Advanced DNS Zone Editor. Though it does not support other record types however, no doubt, these are the most important.

Finally, I am so happy and thanking cPanel team personally for introducing this feature.

I am going to be free again

I could not (or did not) write blog when I have joined Athena Software Associates Ltd. But today I am writing as double update. I have joined in Athena Software Associates Ltd. as System Administrator in last May. I had to manage a number of their servers mostly using cPanel and providing system level supports to the customers. I have enjoyed the work there as I have faced a lots of issues with cPanel and learned how to deal with them. Though I don’t have any plan to build my career as system administrator, I believe the gained experiences will help throughout my developer life.

In December, I have decided to resign from my position for a number of reason. The first and the biggest reason is my current physical problem for which I need quite long time full rest. Allah knows how much I can rest  indeed. Some other minor reasons are, I started believing that I am becoming lazy there as the workload is not high. I wish and able to take more workload. Low workload means low learning to me. Moreover, I would enjoy working in team specially under supervision of some experts that would help me gaining knowledge faster.

Yesterday I have submitted my resign letter. However, I have to serve until January 31, 2010 for shifting my duties to new incumbent.

This job was the first full time job for me.  The decision to resign was very tough one. I will miss the superb friendly environment of Athena Software Associates. I will miss all the colleagues of Athena.

cPanel: Enable/disable specific webmail application per user

Today, I faced a situation where I need to show single webmail application to cPanel control panel user. Usually there are three (3) webmail clients. These are horde, squirrel mail, roundcube. However, I was advised to make sure that a specific customer does not see more than one specified. I suggested, ‘Enable Autoload’ feature which did work indeed but did not satisfy him. Then I opened a thread in cPanel forum and I got the following solution. That’s is easy. I quote the whole post here.

You can enable and disable webmail applications as per user accounts. Continue reading →

cPanel database administering class

It is long time since I have worked with cPanel. My last work was cPanel Email Management  script that enables us to create/delete email accounts from outside of cPanel.

Today I have worked with another cool thing. I have created similar class for database. Using this class, anyone can easily create/delete database and database users.

Current Features:

  1. Create database
  2. Create User
  3. Grant Privileges
  4. Delete Users -> Supports deleting multiple users at a time. See the example in test.php
  5. Delete Database -> Supports deleting multiple databases at a time. See the example in test.php
  6. Check if database exists
  7. Check if user exists

Requirements:

  1. cPanel server
  2. English as language of cPanel
  3. cURL

Please let me know your suggestion if you use this class.

Download V1.0

Special thanks to Sajjad Hossain for helping me during the development.

Update: 02-07-2009
– The class is approved in phpclasses.org. Click here to visit.

cPanel 11.24 VPS Optimized(?)

Yesterday I have got the mail from cPanel about some changes in cPanel. Though the changes were applied in CURRENT & EDGE tree, yesterday they entered into RELEASE tree. As I use RELEASE tree I have immediately updated the cPanel’s version. I have monitored the server almost whole day.

They claimed they have released the second version of VPS Optimized which saves 12-15MB RAM. But at what cost?

I am monitoring one of my VPSes from yesterday. Still I am observing that the server load is consistently more than double than before. So, did they save memory at cost of CPU? Usually my VPS’s load always (except special tasks like backup) remained under 1.0 and mostly below 0.6. But now it is always more than 1.5 and mostly 2.0+.

In VPS arena, RAM is easily upgradeable but not the CPU. Many company provides equal CPU share. So, when needed, we can upgrade the RAM but can’t upgrade the CPU share easily and cost effectively.

So, I am really frustrated with this version of cPanel.

Setting up Remote MySQL in cPanel

Today my client was facing problem to setup a remote mysql connection. He wanted to connect a database which belongs to another server and domain. Its fairly simple. But most of the tasks remains on the remote server.

Suppose, your remote domain/server is www.remote.com and your scripts are running in mydomain.com. I assume that you already have a database in the remote.com. We just need to access it from remote server. Also assuming that your database name is remoteco_main. Note, all databases & also usernames (for database connection) in cPanel are prefixed by your username of cPanel and _ (underscore). So remoteco in remoteco_main is the username of cPanel. So you have a complete database, username & password setup which works on remote.com. Continue reading →

Permission denied: .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Do you get the following error message when you try to visit a site/your site?
Forbidden
You don’t have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

You may see this message when you try to visit a folder in your domain like http://xenexbd.com/hello/. Most of the time, I have found this error for subdomains like http://hello.xenexbd.com. Most probably this is very common in a cPanel server. You may get this error after your install/uninstall FrontPage Extension in the main domain. I was repeatedly facing this problem. I usually solved it by installing/uninstalling/reinstalling the FrontPage extension on that subdomain. Continue reading →

cPanel Bug

I am a regular user of WHM & cPanel. Recently I found a bug in cPanel Release Build 20683 which is now running in three of our servers.

You login to WHM. Then Click List Accounts. Your hosted domains will be listed. You should noticed that there is an quick password and email changer from some recent builds. To change password and/or contact address of any domain, there is + following by the domain name. Now you click on the + icon for a domain. You will see the password of that domain is shown in the contact address box.

You will discover the same problem if you login to cPanel for first time with RVSkin theme. This will (I have found with RVBlue) ask you to enter your email address as soon as you login to cPanel. In the contact Continue reading →

cPanel Email Management

Ahh! Thanks Allmighty. At last I have finished the 1st version of cPanel Email Management Script. From three days I am working on it. Though today, I mistakenly deleted two core files 🙁 . So I had to start over.
Using this scripts anyone can give free email service to his visitors. Users can auto signup and manage their accounts. Admin also have some controls. The features are:

  • Users can registers themselves without intervention of site Admin
  • Admin can specify the quota for accounts
  • It can check whether the email address is already taken or not
  • Auto welcome mail to the new account
  • Auto notification to site admin
  • User can change their password
  • User can recover their password using Alternate email address
  • Admin can see all accounts
  • Admin can change password of any account from admin panel
  • Admin can change quota of any specific account
  • Admin can Lock/Unlock account (Locked accounts are red marked in Admin Panel)
  • Admin delete any account
  • You can easily customize/modify the source code to suit your need.
  • Separate Language File. You can now translate it to your own language. New
  • Captcha for preventing bots. New Continue reading →