The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

403 errors after server been compromised

Discussion in 'General Discussion' started by zwen, Oct 9, 2006.

  1. zwen

    zwen Member

    Joined:
    Nov 21, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    we believe our server has been compromised ... and although the admins have fixed the emails and stuff... they are unable to revert some of the websites that are showing ERROR 403 (No permission to see the page).

    Any idea how we can reset the permissions of the webpages?

    Also some sites (different list of domains from the earlier problem) are listed under INACTIVE, i tried the button to reactivate them, but doesnt look like it's working...

    Any idea what's going on there?

    thanks a million.
     
  2. designeru

    designeru Well-Known Member

    Joined:
    Nov 2, 2005
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Hint!

    So, check the permitions on the folder specified in /usr/local/apache/conf/httpd.conf (don't go directly to /home dir... it could been changed). Also, be sure the user specified in the conf file is the one that has to has access to that directory.

    On all webpages... sure, you can do a bash script... something like this one (this one wasn't tested, use it at your own risk).

    Code:
    cmd=` ls /home `
    for i in $cmd
    do
        chown $i:nobody /home/$i -R
        chmod 755 /home/$i -R
    done
    Were are those websites marked as inactive? You mean suspended?
     
  3. zwen

    zwen Member

    Joined:
    Nov 21, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    the server was ok last night and the admins at the dc ran scripts to secure the server...

    403 errors are unsolved, and the cpanel team are suppose to be working on it.

    This morning the server acts up again, emails and sql are down again...

    and it's the same time as yesterday... the admins are working on getting the emails n sql to work.

    I'm desperate to get the server up n running again... this is really bad. Will it happen again tomorrow at the same time?!

    Can someone advise me on what to do next? This is really bad. i'm making life very miserable for my clients.... i feel so bad.
     
  4. david510

    david510 Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    473
    Likes Received:
    0
    Trophy Points:
    16
    Have you installed security softwares such as APF, BFD ?
     
  5. angelina_holy

    angelina_holy Well-Known Member

    Joined:
    Aug 6, 2006
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    16
    check the permissions and ownership on public_html folder for user:nobody permission 750
    What does /var/log/messages say ?
     
Loading...

Share This Page