The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

77 user accounts mystery

Discussion in 'General Discussion' started by kazar, Nov 30, 2014.

  1. kazar

    kazar Active Member

    Joined:
    May 18, 2008
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    NYC/Earth
    cPanel Access Level:
    Root Administrator
    One domain on my server apparently had its Drupal installation exploited at some point and as soon as I can I will simply rebuild that whole website rather than try to find the injected script. Spams are being sent out by the domain owner account: domainowner@hostname

    I notice today in WHM that the same domain is shown as having 77 users. There are only 6 email addresses and 2 ftp accounts. I did check in ~/.cpanel/email_accounts.yaml and only the expected 6 email accounts are showing.

    This domain also hosts mailman lists but I would not think that subscribers to a mailman list are counted as "users".And there is one MySQL database user. But even if mailman subscribers and the MySQL user are counted, this would still only add up to a grand total of something like 30 email users, ftp users, MySQL users and mailman subscribers.

    Where might I look on the server for these 77 users? I am curious what this high number of users could be about, and whether the existence of these mysterious hidden users could have something to do with the exploit on the website.

    thanks in advance,

    kazar
     
  2. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    What does that mean? "77 users" where in WHM does it say the # of users? or are you referring to the # of Apache connections to that account?
     
  3. kazar

    kazar Active Member

    Joined:
    May 18, 2008
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    NYC/Earth
    cPanel Access Level:
    Root Administrator
    Sorry for the lack of detail! It was in "Show IP Address Usage" in WHM, here is a screenshot:
    Screen Shot 2014-11-30 at 6.19.33 AM.png
     
  4. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Its showing the domain has 77 mail accounts, I don't think its a result of any hack though. We have several servers and very few of the "Mail Usage Displays the number of email accounts that the associated domain hosts." are correct. Some show 6 accounts that actually have 23 and some show 23 that have only 4. /scripts/ipusage also shows the wrong info most of the time.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can try rebuilding the Apache configuration file via:

    Code:
    /scripts/rebuildhttpdconf
    Also, review the passwd file in /home/$username/etc/$domain/ to see if any additional email accounts are listed there.

    Thank you.
     
  6. tonytran

    tonytran Registered

    Joined:
    Dec 1, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I have the same question?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please review my previous post to this thread and let us know your response to it.

    Thank you.
     
Loading...

Share This Page