The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

httpd restart fails with no access to cPanel/WHM

Discussion in 'General Discussion' started by saqur, Sep 21, 2011.

  1. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Hi there

    I don't have access to cPanel/WHM and any website on the server. When I try to restart httpd service this error appears:

    Anybody can help me solve it?

    Thanks
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The error message indicates that the /usr/local/apache/logs/modsec_audit.log cannot be opened. Does the file exist?

    Code:
    ls -lah /usr/local/apache/logs/modsec_audit.log
    If it doesn't exist, try creating it:

    Code:
    touch /usr/local/apache/logs/modsec_audit.log
     
  3. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    I tried to use the first command but it says:

    I checked this with sftp but the "logs" dir does not exist!
    Should I create it?
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Try instead to use ls -l:

    Code:
    ls -l /usr/local/apache/logs/modsec_audit.log
    Also, please use SSH to log into the machine rather than using sFTP.
     
  5. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Code:
    [root@server ~]# ls -l /usr/local/apache/logs/modsec_audit.log
    ls: /usr/local/apache/logs/modsec_audit.log: No such file or directory
    [root@server ~]# touch /usr/local/apache/logs/modsec_audit.log
    touch: cannot touch `/usr/local/apache/logs/modsec_audit.log': No such file or directory
    
    What should I do now?
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Now try:

    Code:
    ls -l /usr/local/apache/logs
     
  7. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Code:
    [root@server ~]# ls -l /usr/local/apache/logs
    ls: /usr/local/apache/logs: No such file or directory
    
    It seems that my logs folder is lost!
     
    #7 saqur, Sep 21, 2011
    Last edited: Sep 21, 2011
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Does /usr/local/apache itself exist?
     
  9. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Yes it is, with some folders in it.
    I think only the logs folder is lost & I don't know why?!
     
  10. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Code:
    [root@server ~]# ls -l /usr/local/apache
    total 88
    drwxr-xr-x   2 root     root         4096 Sep 21 04:55 bin
    drwxr-xr-x   2 root     root         4096 Apr  1 00:48 build
    drwxr-xr-x   2 root     root         4096 Mar 31 22:45 cgi-bin
    drwxr-xr-x   9 root     root         4096 Sep 21 18:30 conf
    drwxr-xr-x   9 root     root         4096 Dec 23  2008 conf_pre_ea3
    drwx--x--x  42 root     wheel       28672 Sep 21 23:31 domlogs
    drwxr-xr-x   3 root     root         4096 Mar 31 22:45 error
    drwxr-xr-x   6 root     root         4096 Apr  1 00:48 htdocs
    drwxr-xr-x   3 root     root         4096 Mar 31 22:45 icons
    drwxr-xr-x   2 root     root         4096 Apr  1 00:48 include
    drwxr-xr-x   2 root     root         4096 Apr  1 00:48 lib
    drwxr-xr-x   4 root     root         4096 Mar 31 22:45 man
    drwxr-xr-x  14 root     root        12288 Sep 21 04:55 manual
    drwxr-xr-x   2 root     root         4096 Apr  1 01:04 modules
    
    This is the list of /usr/local/apache
     
  11. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You are going to have to create the folder:

    Code:
    cd /usr/local/apache
    mkdir logs
    After that, create any files it notes don't exist when you try to start Apache

    Code:
    touch /pathtofilename
    Where pathtofilename is the path and name of the file.
     
  12. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    I did it. but now I see all of my websites are hacked. I think the attack was on the server and some cpanel files are deleted, because I still can not access to WHM.
    What can I do to repair cpanel/WHM?
     
  13. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The first thing you should do is check for any backups you have, then format a new machine with cPanel on it to transfer those backups for restoring them. A hacked machine at the level you are talking about (/usr/local/apache) means a root level compromise in all likelihood. They could end up leaving a backdoor on that machine to allow them access again. The best idea is to get a fresh machine up and running from backups, then check the old machine to determine how they managed to compromise it.
     
  14. saqur

    saqur Member

    Joined:
    Oct 10, 2008
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for all useful helps.
     
Loading...

Share This Page