The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Account Transfer Issues WHM => WHM (FREEBSD)!!

Discussion in 'General Discussion' started by cobaltware, Mar 17, 2010.

  1. cobaltware

    cobaltware Registered

    Joined:
    Apr 12, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hello, Cpanel Community

    Iam a longtime Cpanel/WHM User and I need your help.

    After getting one of my servers repeatedly hacked it had CentOS installed I ordered 2 new servers from a company that offered FreeBSD 7.2/32Bit in hope of avoiding getting rooted locally via kernel exploits and other possible things that bug Linux servers for ages.

    The problem I have is with account transfers. I tried the automatic way via WHM => WHM via copy single acc or copy multiple acc and always had the problem that WWW data was not transferred every time.

    So I did it manually, on server A I ran /scripts/pkgacct $accname and on server B I did /scripts/restorepkg $accname which left me with the following findings & errors


    • Email Accounts
    • Mysql Acounts
    • Mysql Databases
    • Webalizer/Stats Data

    were restored perfectly. But the WWW data was missing inside public_html. And I was getting the following errors.

    Code:
    Restoring Bandwidth Data
    The rrdtool binary was not found. Bandwidth RRD databases not restored.Done
    Code:
           tar: -b: Cannot stat: No such file or directory
    tar: 200: Cannot stat: No such file or directory
    tar: Error exit delayed from previous errors.
    Done
    Code:
           Restoring database cu501_wp......
    Done
    Restoring database horde......
    Overwriting existing database: horde
    ERROR 1062 (23000) at line 68: Duplicate entry
    'info@aretitsouka.gr-horde-last_login' for key 1
    Done
    Restoring database cu501_site......
    Done
    Done
    Code:
           warn [whostmgr5] Expected data to be saved. $opts->{'data'}
    was empty. /var/cpanel/reseller-limits has been left untouched.
    warn [whostmgr5] Expected data to be saved. $opts->{'data'} was empty.
    /var/cpanel/package-limits has been left untouched.
    The culprit for the missing WWW data seems to be the TAR error. I looked inside /scripts/restorepkg and saw that /usr/local/cpanel/whostmgr/bin/whostmgr5 is invoked that supposedly manages the account restoration process. Unfortunately this is a binary and I can not see inside to figure out why the tar command fails.

    All those above errors are NOT visible via WHM Acc transfer/restoration only via console.

    So does anybody have an idea what could be wrong with my FreeBSD servers?

    I allready got my server company todo a fresh manual reinstall of cPanel because the first time alot of basic cPanel things were missing. I have currently send support tickets to that server company so that they also have a look at it. But I hope the Cpanel community maybe has an idea whats wrong.

    Thanks for your time
    Leonidas

    PS: Pop keeps failing repeatedly aswell and I had issues with IMAP via Squirrelmail etc
     
  2. madaboutlinux

    madaboutlinux Well-Known Member

    Joined:
    Jan 24, 2005
    Messages:
    1,052
    Likes Received:
    2
    Trophy Points:
    38
    Location:
    Earth
    If you have no idea of FreeBSD yet, I would say don't go with it. It's not easy to deal with as CentOS is. Yes, it is more secure than CentOS but difficult to manage. You can again get a CentOS server with proper security settings which will avoid hacks in the future.

    If you have worked on FreeBSD before, then the best way is to submit a ticket to cPanel and have them look at it because your hosting company eventually going to do the same :)
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Do you still have the original server? Copy of the logs perhaps?

    This is precisely the sort of thing that I specialize in first and foremost and being a holiday, I have some free time today and it would be no problem if you would like me to take a complimentary quick look see over things and it is very likely that I could tell you a lot more precisely exactly how you are getting "repeatedly hacked" and what you might be able to do to prevent that from ever happening again in the future.

    I personally don't think switching to FreeBSD is the answer there as you are actually probably actually a whole lot better off with your original CentOS though you may have some underlying issue that may still need some attention and addressing towards security.

    Without seeing your original server's configuration, I am not so sure that your being hacked is from "kernel exploits" though it could possibly be but that is something that is very easy to fix. There is literally thousands of other ways that your server might be vulnerable that most all has absolutely nothing to do with the system kernel and that is something that you must also consider as well.

    Again though, if you would like me to help you with that, just let me know and I'll be glad to give you a hand there and see what can be done to help you make sure something like this doesn't happen in the future.
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    You are 100% absolutely correct on the "easy to deal with" statement as CentOS is definitely a lot smoother to manage particularly where it comes to operating along side Cpanel / WHM and FreeBSD has a lot of operational differences that can be a bit of a learning curve for someone coming over from Linux.

    Now regarding your second statement about FreeBSD being "more secure", that is actually a very common misconception. Many don't realize this but I could personally list just as many ways to hack and exploit FreeBSD servers as Linux servers if not a few more ways (FreeBSD has certain additional quirks not present in Linux).

    Either way though, you are in danger if your server is not properly security hardened but if I had to choose one OS over the other, I would actually lean more towards the CentOS server not so much because of what may or may not be vulnerable in it's "default" state but rather what I can "harden" and the efficiency with which I can go about doing just that.

    Anyway though, there's my 2 cents on the matter ....
     
  5. cobaltware

    cobaltware Registered

    Joined:
    Apr 12, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for replying bud, if I was the only one placing files on the server ie. my php files and everything I would configure it so that no possible malicious entry would happen via php (ie. file inclusion/xss etcetc) but unfortunately Iam hosting alot of websites for clients etc and their technical expertise is close to zero and because of their demands I had to configure certain things in PHP that I would otherwise not have done.

    I have worked with BSD oses and specially OpenBSD so I know my way around. Iam actually contemplating asking the company to reinstall the server using CentOS, I used to have a couple of servers with RHEL and never had security issues.

    As I answered above I have my share of experience with FreeBSD and it shouldn't be a problem :)

    Well, what I was trying to say is that a FreeBSD out of the box has higher/more increased security than a generic Linux server. If you have a look at the X amount of exploits released for Linux related services/kernels and then compare that to the Y amount of exploits released for FreeBSD you surely will see a difference.

    The reason I picked cPanel/WHM is that I want to avoid configuring everything from scratch and adding accounts manually to the server. I can configure all services by myself but its very time consuming and writing my own basic panel is not an option because of time restraints Iam rather content with cPanel and as a last resort as I told above I would ask them to install centos and then try to "secure" it as good as I can.

    I do keep daily backups of my customers accounts offsite so a "intrusion" would not be big of a problem Iam just trying to avoid any possible downtime.

    I hope someone who has experienced something similar to me will respond so that I can troubleshoot my poor servers :D

    Thanks for your insight though guys :)

    Leonidas
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Uhm ... you do realize what you just said made no real sense, right? ;)

    What exactly does "hosting a lot of websites " and "no technical expertise" for your users have to do with how your PHP, security, or server is otherwise configured?

    Or let me put it this way ---- THOSE ARE NOT MUTUALLY EXCLUSIVE!

    There is no need to compromise functionality for security or vice-versa and the thought of that is very much a large misconception mainly as people on average generally don't really know how to do these things and whether you realize it or not at this point, you very much can actually do all the hardening you spoke of and much beyond that without having any impact on your users or sites whatsoever --- that's really not a problem even in the slightest!

    You think otherwise? Let me happily prove you wrong! ;)

    I know full well precisely what you were saying and I agree up to a certain point.

    Note that you yourself just now said "out of the box" there ....

    If someone were going to do absolutely nothing to in any way setup, configure, or otherwise do anything at all to security harden their server and use it blindly straight out of the box that in itself would be really stupid but unfortunately is still all too common place these day and in that specific situation I would say indeed FreeBSD would be the better choice but doesn't change the fact such a user would be testing their fate and leaving themselves quite vulnerable by doing such a thing.

    The point I originally made and will make it here again is that it is unwise to leave ANY server in it's un-configured default "out of the box" state and where as it comes to security, you are able to far more extensively security harden and lock down the server from possible exploit, hacking, and other compromises under CentOS than you are aptly able to do under FreeBSD just per certain characteristics and aspects of each respective operating system.

    Incidentally, when testing security for clients, it on average takes me less than 1/4th the time to hack a FreeBSD server than one properly hardened on Linux (any flavor) and I think a lot of that may have to do with people generally making the presumption that FreeBSD is more secure and therefore have less of a need for additional configuring or hardening and that really is the gravest of mistakes.

    Though I do actually understand what you are saying and thinking here, once again your statements really do not make much logical sense ...

    What do you mean exactly by "configuring everything from scratch"?

    What do you mean by "adding accounts manually"?

    It almost sounds like you are possibly under some false misconception that if you do any configuring outside Cpanel that you won't be able use Cpanel to manage accounts or in contrast that Cpanel by itself takes care of everything that you need to setup during initial server deployment --- both of these are completely untrue incidentally.

    Yes -- you can completely configure, optimize, and harden your server above and beyond Cpanel's installation and you rightfully should do so but at the same time there is no reason why any of that would in any way effect Cpanel once setup or have any bearing whatsoever on Cpanel's management of hosting accounts which is also why I said above that your statements in the last section made "no logical sense".

    (Side FYI -- Cpanel is very poorly configured at install and it is well worth the time it takes to get things properly setup before using a new server and I highly recommend anyone setting up a new Cpanel installation take the time to make sure things are setup properly)

    Actually, an "intrusion" could be a "very big problem" as that leaves your client's data and private information, databases, and files open and exposed and though it is good you might be able to recover from that, it does not change the fact that this is something that you would not really want to happen to you in the first place.

    It is great to have backups but is much better to avoid having the need to use them! ;)

    Someone? Speaking to one already!

    I have seen the very same issues described from your original post many times before and I even have a set of remapped aliases put together and some additional conversion scripts that give you the same functionality under FreeBSD to get rid of the few compatibility items you had originally described with tar and such but the larger discussion here is it sounds like you moved to FreeBSD primarily out of the thoughts of security and in that regard is actually somewhat of a mistake.

    But anyway, yes I can help you with every aspect of any or all of this ...
     
Loading...

Share This Page