An Error has occurred! Unable to open configuration.php file to write!

Discussion in 'Security' started by jamiro911, May 28, 2010.

  1. jamiro911

    jamiro911 Member

    I have a dedicated server from OVH and use cPanel. I just moved to a new server with the same installation. Two days ago the company Way to the Web Limited did a security checkup, because my other server was hacked twice and I didn't want that to happen again.

    The problem now is that on all my Joomla websites (I don't use others for the moment) I'm stuck because I can't use FTP from the Joomla admin panel.
    I always get this message:



    * JFTP::login: Unable to login
    * JFTP::write: Unable to use passive mode
    An Error has occurred! Unable to open configuration.php file to write!


    The strange thing is that I can log in with FileZilla using the user and password, but not in the admin panel of the Joomla websites.

    I guess something changed within the last two days (maybe the PHP version, or something in the root server security).

    Has anyone had the same problem?
     
  2. vheeds

    vheeds Member

    You should correct the user name and password of your FTP; they are in the "Site" menu:
    Site > Global Configuration > Server > FTP settings. Also make sure to use passive mode FTP.
     
  3. jamiro911

    jamiro911 Member

    Hello. I guess you mean the FTP backup in main/backup/configure backup? That is enabled.
    I also corrected the name and password in the FTP settings of Joomla. I used the same as I use in FileZilla. Strangely enough, I can connect over FTP with FileZilla, but not in the Joomla admin panel, even if I set configuration.php to 777.

    I opened a support ticket with Way to the Web Limited and this is what they told me.

    This thing is difficult for me to understand.
     
  4. Spiral

    Spiral BANNED

    If your server's PHP is anything other than DSO (Apache Module) based, then you cannot set any file or folder on your web site to 777 permissions, and doing so will actually break your scripts and could break your web site completely.

    DSO based PHP is less used these days, primarily because of its inherent security problems that are actually quite extreme, and most servers deployed new are built primarily with SuPHP as the PHP base.

    Under SuPHP you don't need anything set to '777' and can safely ignore any program installation instructions telling you to set '777' permissions.
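
The permission point in the post above can be checked on disk. This is an added example, not code from the thread or from cPanel or suPHP: a Python audit that walks a web root and lists every file or directory carrying the group- or world-write bits that a "set it to 777" instruction leaves behind. The sample tree is constructed, and the suggested modes (644 for files, 755 for directories) are conventional defaults assumed here, not values given in the thread.

```python
import os
import stat
import tempfile

RISKY = stat.S_IWGRP | stat.S_IWOTH  # the write bits "chmod 777" adds beyond 755

def audit_tree(root):
    """Return sorted (relative path, current mode, suggested mode) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & RISKY:
                # Assumed conventional defaults: 755 directories, 644 files.
                suggested = 0o755 if stat.S_ISDIR(st.st_mode) else 0o644
                findings.append((os.path.relpath(path, root),
                                 format(mode, "03o"), format(suggested, "03o")))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample web root: one 777 file, one 777 directory, one clean file."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for name, mode in {"configuration.php": 0o777, "index.php": 0o644}.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)  # chmod is explicit, so the umask does not matter
    cache = os.path.join(root, "cache")
    os.mkdir(cache)
    os.chmod(cache, 0o777)
    return root

if __name__ == "__main__":
    for rel, mode, suggested in audit_tree(build_sample_tree()):
        print(f"{rel}: mode {mode}, suggested {suggested}")
```
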
     
  5. jamiro911

    jamiro911 Member

    Would it be helpful if I show my info.php?
     
  6. Spiral

    Spiral BANNED

    For what should be obvious security reasons, I would not recommend publicly posting your phpinfo screen or a link to it.

    However, if you want to send me the link by private message, I would be happy to take a look at it for you and tell you what I see.
     
  7. jamiro911

    jamiro911 Member

    PM Sent with the link
     
  8. Spiral

    Spiral BANNED

    I received your pm with the link but the page at the URL you sent does not exist.

    However, the default 404 "File Not Found" page was every bit just as informative, and I am now very glad you chose to follow the advice to send the link to your phpinfo page (albeit missing) by private message. The fact that Apache is providing full signatures itself alone shows a lack of any significant effort to security harden the server, but what is actually in that signature line is even more alarming:

    Code:
    Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.7 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.8b

    Legacy telnet is actually active on this server.

    Same goes for inbound ICMP.

    SSH is on the standard default port with open password access.

    Port scans of the server indicate no active firewall, with many ports open and no apparent signs of filtering of any kind, and many vulnerable and exploitable server applications noted, as well as two active server ports known to be associated with a specific rootkit exploit.

    Moreover, your cPanel is a very old outdated version as well!

    If this is how the server looks from the outside, I'm almost a bit afraid to see how the server looks on the inside.
    It's no surprise whatsoever you got hacked twice! :eek:

    Someone supposedly did a "security checkup"? I think not! :rolleyes:

    I have your email and will follow up with you more on this outside the forums. :)
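
The signature line quoted in the post above shows how much a default `Server` banner gives away. This is an added example, not code from the thread: a Python check that splits a banner into product tokens and comments and reports every component that discloses a version, so an administrator can confirm the banner is reduced after setting Apache's `ServerTokens Prod` and `ServerSignature Off`. The function names are illustrative, and the banner is the one from the post with the forum's highlight markup removed.

```python
import re

# Banner quoted in the post above (forum highlight markup removed).
BANNER = ("Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 "
          "mod_bwlimited/1.4 PHP/4.4.7 FrontPage/5.0.2.2635.SR1.2 "
          "mod_ssl/2.8.28 OpenSSL/0.9.8b")

# Either a parenthesised comment, or a product name with an optional /version.
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")

def parse_banner(banner):
    """Split a Server header into [(name, version or None)] and [comment]."""
    products, comments = [], []
    for match in TOKEN.finditer(banner):
        comment, name, version = match.groups()
        if comment is not None:
            comments.append(comment)       # e.g. the OS hint "(Unix)"
        else:
            products.append((name, version))
    return products, comments

def disclosure_report(banner):
    """Summarise what the banner reveals to any remote client."""
    products, comments = parse_banner(banner)
    versioned = [f"{name}/{ver}" for name, ver in products if ver]
    return {
        "products": len(products),
        "versioned": versioned,            # components exposing a version
        "os_hint": comments,               # platform details in comments
        # True only for a bare product name such as "Apache".
        "minimal": len(products) <= 1 and not versioned and not comments,
    }

if __name__ == "__main__":
    for label, banner in (("as posted", BANNER), ("ServerTokens Prod", "Apache")):
        report = disclosure_report(banner)
        print(label, "->", "minimal" if report["minimal"] else report["versioned"])
```
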
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    So what was this then from the first post, a different server?

     
  10. jamiro911

    jamiro911 Member

    No. I did a reinstall of the server, which installs cPanel by itself. cPanel seems to be 6 years old...
    Server is from OVH.

    Totally outdated.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    You're missing my point. If you had Chirpy do a security checkup as you say, there is no way Spiral would have found what he says he did.
     
  12. jamiro911

    jamiro911 Member

    Indeed. This was after the reinstallation of the server.
    First I had the new server with the security checkup. But because of some errors, and because no one could help me, I did a reinstall (without a security checkup again).
     