CP11 - .htpasswd files RELOCATED!

[soundguy]

Well, I just spent an unpleasant couple of hours with some screaming clients and confused customers who were unable to complete membership site signup purchases. Most of my empire is configured to use mod_auth_mysql to manage access but a few sites on several different servers are still using .htpasswd files. For convenience sake, I created the files in cPanel using their "web protect" feature and then accessed & auto-managed the entries with Perl scripts. This has worked fine for several years until today.


For some unfathomable reason, cPanel has decided to RELOCATE all those files without telling anyone. They were moved from:

/home/username/.htpasswds/ProtectedDirectory

to:

/home/username/.htpasswds/public_html/ProtectedDirectory

If anyone from cPanel is wandering around in the forum... did you think nobody was going to notice that you completely revamped the path to an important set of access control files? What were you guys thinking??? A heads-up would have been nice. I wasted several man-hours figuring this out and then rewriting a hundred hard-coded paths in my Perl scripts.

I also burned up 3-4 hours trying to figure out why my "order by" MySQL syntax that has worked fine since 2003 suddenly failed a couple of days ago. An email regarding the need to upgrade to Perl 5.8.8 would have also been nice. The way I see it, cPanel owes me an 8-hour day.

As a lover of good barbecue, I would ordinarily accept red meat as payment, but my doctor has been making noise about my cholesterol levels, so let's go with hookers instead. I'm a licensed distributor, so cPanel has my address. I'll be waiting by the door

[rpmws]

Well, I just spent an unpleasant couple of hours with some screaming clients and confused customers who were unable to complete membership site signup purchases. Most of my empire is configured to use mod_auth_mysql to manage access but a few sites on several different servers are still using .htpasswd files. For convenience sake, I created the files in cPanel using their "web protect" feature and then accessed & auto-managed the entries with Perl scripts. This has worked fine for several years until today.


For some unfathomable reason, cPanel has decided to RELOCATE all those files without telling anyone. They were moved from:

/home/username/.htpasswds/ProtectedDirectory

to:

/home/username/.htpasswds/public_html/ProtectedDirectory

If anyone from cPanel is wandering around in the forum... did you think nobody was going to notice that you completely revamped the path to an important set of access control files? What were you guys thinking??? A heads-up would have been nice. I wasted several man-hours figuring this out and then rewriting a hundred hard-coded paths in my Perl scripts.

I also burned up 3-4 hours trying to figure out why my "order by" MySQL syntax that has worked fine since 2003 suddenly failed a couple of days ago. An email regarding the need to upgrade to Perl 5.8.8 would have also been nice. The way I see it, cPanel owes me an 8-hour day.

As a lover of good barbecue, I would ordinarily accept red meat as payment, but my doctor has been making noise about my cholesterol levels, so let's go with hookers instead. I'm a licensed distributor, so cPanel has my address. I'll be waiting by the door

I can tell you the new system solves a problem that has been around for some time. That problem is with the old system it was impossible to have 2 or more different folders protected with the same foldername (nested). like site.com/cms/admin and site.com/cms2/admin . The way the old storgae system worked only one foldername "admin" could exist.

All of my apps that we have created or my customers have created that decided to use .htaccess protection use their own or were written to use their own files to store those passwords so I can see where this would the like a rug being yanked out from under you. But try to understand that the directory password protection that cPanel offers and manages inside the client side cPanel's was written by cPanel and the system in the background should not really matter as long as it functions with the product it was designed for and that's cPanel.

Having said that ..I do feel your pain. Things get moved around and changed. Most of the times there is damn good reason ..other times maybe not so good.

[rpmws]

I also burned up 3-4 hours trying to figure out why my "order by" MySQL syntax that has worked fine since 2003 suddenly failed a couple of days ago. An email regarding the need to upgrade to Perl 5.8.8 would have also been nice. The way I see it, cPanel owes me an 8-hour day.

As a lover of good barbecue, I would ordinarily accept red meat as payment, but my doctor has been making noise about my cholesterol levels, so let's go with hookers instead. I'm a licensed distributor, so cPanel has my address. I'll be waiting by the door

Finding an 8 hour day at cPanel is going to be hard. I can tell you now. They have them in 12, 16 20, 30 hour lenghts. I don't think they have any 8's around

If you like red meat ..eat more of it ..forget the damn doctor!!! I started eating a pound of bacon every morning 2 years ago to piss my doctor off and mine went down 18 points. As for the hookers ..you often get more than what you pay for so be careful there man!!!

[scottc]

I had this happen on one server but not another - both are running 11.4.6-C13580. Why is that, I wonder?

Scott

[soundguy]

But try to understand that the directory password protection that cPanel offers and manages inside the client side cPanel's was written by cPanel and the system in the background should not really matter as long as it functions with the product it was designed for and that's cPanel.
.

Well...no, it's NOT their system, and in fact has nothing to do with them. Web Protect is a cpanel-authored interface for editing standard APACHE .htaccess and .htpasswd files that control APACHE Basic authentication and were around long before cPanel was created. I suppose they are entitled to move the passwd files that they create, but they had to also edit MY .htaccess files to enable the new paths. There is a lot of other stuff in those files. I don't like the idea of a mindless upgrade script making changes to MY files without ANY advance notification.

I wonder what would have happened if I had moved all those Basic Auth details into httpd.conf (the way I did with some of my mod_auth_mysql-protected systems) instead of leaving them in the original .htaccess files? Is the upgrade system smart enough to mod the Apache conf file or would it have moved the passwd files and left ten thousand angry customers without access to their rightfully-paid-for memberships? Without .htaccess files to reference, would it have even known about the protected directories?

Considering the enormous client base that cpanel enjoys, I would be willing to bet that SOMEONE out there did move their authentication directives into httpd.conf and may now be fending off torch-wielding villagers while trying to figure out what the hell happened.

Again, it's not about making modifications to mission-critical systems - it's about doing it with virtually no notification whatsoever.

[soundguy]

Finding an 8 hour day at cPanel is going to be hard. I can tell you now. They have them in 12, 16 20, 30 hour lenghts. I don't think they have any 8's around

Obviously, you've never tried calling them. The front office people go home at 3:00pm EST which is noon here on the left coast - a.k.a. exactly when I get out of bed. They know ALL about 8 hour days (or less), and that doesn't help me with MY 16 hour days because they happen to be diametrically opposed with no overlap. What they really owe me is being there and answering the phone at 10:00pm some night when a real-world problem occurs and I actually need customer service.

As for the hookers ..you often get more than what you pay for so be careful there man!!!

...but *I'M* not going to be paying for them

Also, this week I'd be likely to hand them screwdrivers and tell them to start assembling servers anyway...naked of course

[cpanelnick]

Obviously, you've never tried calling them. The front office people go home at 3:00pm EST which is noon here on the left coast - a.k.a. exactly when I get out of bed. They know ALL about 8 hour days (or less), and that doesn't help me with MY 16 hour days because they happen to be diametrically opposed with no overlap. What they really owe me is being there and answering the phone at 10:00pm some night when a real-world problem occurs and I actually need customer service.



...but *I'M* not going to be paying for them

Also, this week I'd be likely to hand them screwdrivers and tell them to start assembling servers anyway...naked of course

Ticket/Email support is 24/7/365.

[rpmws]

Obviously, you've never tried calling them. The front office people go home at 3:00pm EST which is noon here on the left coast - a.k.a. exactly when I get out of bed. They know ALL about 8 hour days (or less), and that doesn't help me with MY 16 hour days because they happen to be diametrically opposed with no overlap. What they really owe me is being there and answering the phone at 10:00pm some night when a real-world problem occurs and I actually need customer service.



...but *I'M* not going to be paying for them

Also, this week I'd be likely to hand them screwdrivers and tell them to start assembling servers anyway...naked of course

Well i have to admit the password protection system changes caught me off guard as well back 6 months ago when it happened. And you are right .. I have never called their office. I have cell phone numbers for most of them and ever since I started using the product almost 10 years I have been treated like a king ..even when I had one lousy box. A day doesn't go by hardly that I don't get a call or make a call to someone there.

the CEO "cpanelnick" I can tell you is up @ 4-6am coding , I know becuase I have many times had him call me to tell me a problem he was working on for me was fixed. They work their asses off man.. all of them do. If you had come to the training semeniar you would have most likely gotten the personal business cards from all the developers as well. Getting ahold of cPanel is no problem. They have to be one of the most customer friendly companies in the market. So if you are not getting the service you feel you should you are either one just falling through the cracks or you don't know who or how to ask for help (yet).

None of what I am saying changes the fact that they do make mistakes and at times system design and upgrade processes can cause a train wreck for some people such as in your case. I am sorry that happened to you. By the way ..i know that the .htaccess and .htpasswd protection was a standard used for a long time. What I meant was the part that cPanel does and where it does it,....dir access that cPanel aids in creating and managing if you will.

[cPanelDavidG]

Obviously, you've never tried calling them. The front office people go home at 3:00pm EST which is noon here on the left coast - a.k.a. exactly when I get out of bed.

Billing folks work 7-3, Sales and Phone Support is 9-5. Tickets are 24/7/365. Not to mention there's sometimes the stray folks that answer phones after-hours.

[dgendron]

soundguy,

How did you fix the "order by" issue. I'ms till trying (upgraded to perl 5.8.8 but it still doesn't work)...

TIA!

[soundguy]

Just a heads-up for anyone who is using alternate authentication methods - it appears that cPanel is now randomly modifying .htaccess files that have nothing to do with Web Protect. I'm currently running around putting out fires and dodging pissed-off customers where it has added a new htpasswd path line to .htaccess files that contained nothing but mod_auth_mysql directives.

The REALLY odd thing is that it does not do it in every site on a server and in at least once instance, only hit one protected directory out of four (with very similar names and sitting at the same level) on the same domain.

For the record, the 8-hour day stuff was a JOKE . I have been a cPanel customer for about 4 years and a distributor for about 1 year. I have weathered all the upgrade catastophies and so far have never had an issue that I was not able to solve either with common sense, "mad *nix skilz", or simply by searching this forum and WHT for a fix. The only time I have ever needed to contact anyone at cPanel in a time-sensitive fashion has been the few times I have needed to change billing info for my distributor account before the impending billing event. That's when I discovered that they keep some extremely odd hours for people who do business primarily with sysadmins.

[rpmws]

Just a heads-up for anyone who is using alternate authentication methods - it appears that cPanel is now randomly modifying .htaccess files that have nothing to do with Web Protect. I'm currently running around putting out fires and dodging pissed-off customers where it has added a new htpasswd path line to .htaccess files that contained nothing but mod_auth_mysql directives.

The REALLY odd thing is that it does not do it in every site on a server and in at least once instance, only hit one protected directory out of four (with very similar names and sitting at the same level) on the same domain.

For the record, the 8-hour day stuff was a JOKE . I have been a cPanel customer for about 4 years and a distributor for about 1 year. I have weathered all the upgrade catastophies and so far have never had an issue that I was not able to solve either with common sense, "mad *nix skilz", or simply by searching this forum and WHT for a fix. The only time I have ever needed to contact anyone at cPanel in a time-sensitive fashion has been the few times I have needed to change billing info for my distributor account before the impending billing event. That's when I discovered that they keep some extremely odd hours for people who do business primarily with sysadmins.

I am sure that nick@cpanel.net would love to talk to you about those "random" .htaccess mods .

And for the record for myself I wasn't defending what happened to your directory protections ..I was just defending the fact I KNOW for a fact they work un-Godly hours all the time. Doesn't mean they are easy to reach. Get that info to Nick ..I am sure he is interested in that one.

[soundguy]

soundguy,

How did you fix the "order by" issue. I'ms till trying (upgraded to perl 5.8.8 but it still doesn't work)...

TIA!

In my particular case, it had to do with some cut & paste syntax I took from PhpMyAdmin a long time ago. For years, it read:

ORDER by $sort 'DESC'

After staring blankly at 10,000 lines of code for several hours, I remembered that Perl DBI syntax is not always the same as PHP so I experimentally changed it to

ORDER by $sort DESC

And everything started working again. I have no idea what the actual problem was, but it all started when CP11 came down and that fixed it, so I'm going to call it a success.

[dgendron]

thank you! although that wasn't exactly the way it was for me, DESC never did have any quotes in my case but '$sort' did, so I removed them and it worked. I should mention that I did try this before I upgraded to perl 5.8.8 with no success, but the compbination of the 2 seems to have made it work (or I just thought I'd already tried this...)