PHP Script to modify Host Access Control (WHM)?

[nerod]

Lately I've been having a lot of trouble with people trying to get into my system, so in Host Access Control, I set whostmgrd to access my IPs only.

The problem with this, is at work, I have a dynamic IP.

Currently, I have a PHP script for another whitelisting resource on my site that allows me to save an IP into a database so I can access certain pages of the website that are locked to specific IPs only.

I was wondering if it would be possible for me to pipe that script into also editing whatever file WHM uses for Host Access control?

[cPanelTristan]

The file that is edited is simply /etc/hosts.allow file for the IPs you'd whitelist. You can simply cat the existing file to see the results of what it needs to have for each whitelisted entry. Please note that the ALLOW entries must be above the DENY ones.

[nerod]

You can simply cat the existing file to see the results of what it needs to have for each whitelisted entry

I'm not sure what you mean; I don't have SSH access with a dynamic IP, either.. hence the need for a script.

I tried something like this:

Code:

$usrip = isset($_SERVER['REMOTE_ADDR']) ? preg_replace("/[^0-9.]/", "", $_SERVER['REMOTE_ADDR']) : '';

$file = "/etc/hosts.allow";
$fp = fopen($file, "w") or die("can't open hosts.allow file");
$stringData = "whostmgrd : '.$usrip.' : allow\n";
fwrite($fh, $stringData);
$stringData = "#work\n";
fwrite($fh, $stringData);
fclose($fh);
}

and I get the following error:

Warning: fopen(/etc/hosts.allow) [function.fopen]: failed to open stream: Permission denied in /home/site/public_html/adminurl/ip.php on line 44
can't open hosts.allow file

So I tried to chmod ip.php to user nobody, same result.

Any tips?

[cPanelTristan]

You cannot run a script as a cPanel user to modify a root-level file. This script must be run as root to modify /etc/hosts.allow

As for catting the file, this means you would need to do:

Code:

cat /etc/hosts.allow

To see the currently existing entries to use the right syntax for each line you try to add.

[nerod]

I chmodded as root and also changed the group to root & still got that error, is there anything else I should do?

As for catting the file, this means you would need to do:

Is this identical to pico? I usually use pico to edit in ssh, but I can't access ssh under a dynamic IP.

[cPanelTristan]

How are you able to change to root ownership for a file if you aren't already in SSH on the machine? Normally, you cannot chown (change ownership) to root if you aren't already root level on a server in SSH.

As for pico, pico is to edit files, cat is to display the contents only. If you aren't editing a file but want to see the contents, you would want to cat that file rather than open it up for editing.

[nerod]

I am at home now, where I have a static IP.

I'm trying to set something up so I can login to my WHM & SSH from work, which is a dynamic IP.

Thanks for the tip regarding cat, I previously just pico'd everything and exited out after I was done, I'll give cat a try next time, instead.