The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Case 141673] htpasswd in public_html after easyapache 3.26.10

Discussion in 'General Discussion' started by kjg, Nov 24, 2014.

  1. kjg

    kjg Well-Known Member

    Joined:
    Mar 2, 2004
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Just realised that there has been a directory named .htpasswd created in all accounts public_html directory after running easyapache update a couple of days ago. (easyapache 3.26.10)

    Was this created by that update? I so, why?

    I really do not understand why we should have htpasswd in public_html. For me that is a big NO NO.

    htpasswd should be outside the public_html directory and is normally created in the accounts root folder when a password is set in cpanel "password protect directory".

    Any info regarding this htpasswd in public_html would be much appreciated.

    // kjg
     
  2. kjg

    kjg Well-Known Member

    Joined:
    Mar 2, 2004
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    No one else having this problem/situation?

    Checked on 5 of our servers and all accounts on all servers had a .htpasswd folder created in public_html after last easyapache

    Would appreciate if someone could confirm that they also had this folder created automatically for all accounts.

    // kjg
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,829
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Feel free to open a support ticket using the link in my signature so we can take a closer look and verify the purpose of this directory. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  4. kjg

    kjg Well-Known Member

    Joined:
    Mar 2, 2004
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Hi Michael
    After some work from your excellent support staff, they identified the problem and I got the following reply"

    "I have now confirmed this on a new test machine when creating an account. After I run EasyApache, the .htpasswds folder is placed within that new user's public_html folder. I've opened case 141673 about this issue.
    ...
    We will hopefully have a response on the case by next week"

    // kjg
     
  5. elma

    elma Member

    Joined:
    Aug 13, 2003
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the update
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,829
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, internal case number 141673 is open to address the issue where a folder is being created within /home/$USER/public_html for .htpasswds (Apache's Password Protect Directories) rather than at the /home/$USER level. You can monitor our change log to see when a resolution for this case has been implemented:

    11.46 Change Log

    Thank you.
     
  7. dxer

    dxer Well-Known Member

    Joined:
    Sep 9, 2002
    Messages:
    295
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Europe
    I can confirm the same problem. It is now about month since this you wrote:
    "We will hopefully have a response on the case by next week"

    Any update on this? Change log doesn't show anything.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,829
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The resolution is currently scheduled for cPanel version 11.48. Note that the bug here is the directory creation. The directories are not utilized, so it's not a security concern.

    Thank you.
     
  9. David July

    David July Member

    Joined:
    Jun 13, 2013
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you for the update.
     
  10. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    Michael I have a couple of quick questions in reference to this...

    1) Is there an ETA for 11.48 being pushed to Release?
    2) Once we are running 11.48 is it safe to assume that deleting the rouge htpasswd will be permanent so that it will not be recreated as it is if you delete it now (and that doing so will cause no unintended consequences)?
    3) What's the airspeed velocity of an unladen swallow?
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,829
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Right, in 11.48, once you delete the directory it should not come back, and it's acceptable to delete it. cPanel version 11.48 is currently available on the "Edge" and "Current" build tiers. We don't typically provide time frame estimates on when new versions will reach certain tiers. More information about our release process is available at:

    cPanel & WHM Product Versions and the Release Process

    Thank you.
     
  12. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    Thanks Michael, but you failed to address the third question! (None shall pass) :)
     
  13. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    Michael has this indeed been rectified in 11.48.0?
     
  14. David July

    David July Member

    Joined:
    Jun 13, 2013
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The changelog for 11.48.0.5 (2015-01-27) reflects the fix for this. Since then, I have been deleting the folders as I come across them and the fix appears to be working.
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,829
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, remember the change log will show you when a specific internal case number has been resolved:

    11.48 - Change Log

    Thank you.
     
Loading...

Share This Page