The Community Forums

Interact with an entire community of cPanel & WHM users!

Hundreds of odd redirects in new account?

Discussion in 'General Discussion' started by nyjimbo, Mar 15, 2010.

  1. nyjimbo

    We just set up a client's new account on our cPanel 11.25.0-C43473 - WHM 11.25.0 - X 3.9 CENTOS 5.2 box and he added a subdomain and did some other work.

    Later on he claims he found almost 200 redirects for all the files he uploaded. I can't tell if he did it somehow or if the system just went nuts and did it, but it basically shows that it's set for ALL domains under the client's account, then a file like:

    /gallery/new_hampshire/01-BirchFoliage.html

    redirects to

    http://www.xxx.com/gallery/new-hampshire/

    Type permanent
    Match (blank)
    WWW (blank)
    Wildcard (blank)

    Of course each redirect is unique and seems to be for all files and folders.

    When you click remove it asks you if you:

    "Are you sure you wish to permanently remove the redirect /gallery/new_hampshire/01-BirchFoliage.html on ** All Public Domains **"

    If you answer yes it acts like it did it, but the redirect remains.

    Has anyone else seen this before? I would like to just delete the account and let the client start over, but I am worried the delete of the account might clobber the whole httpd.conf file or something else.

    Is there a location for all the redirects outside of the httpd.conf or any other file that could affect other customers if this account is deleted?

    Thanks.
     
    #1 nyjimbo, Mar 15, 2010
    Last edited: Mar 15, 2010
  2. nyjimbo

    I also noticed a weird redirect:

    domain: ALL
    directory: /gmail
    redirect url: https://www.google.com/a/xxx.com
    type: permanent

    However, no file or folder matches anything with the name google or google.com.

    (note, the xxx.com is just my edit to remove the real domain)
     
  3. mohit

    Is it all under one account, or is it on multiple cPanel users on the server?

    Check .htaccess in the public_html folder; mostly redirects should be mentioned there.

    Also check if the user is exploited due to an outdated gallery version or a weak cPanel password.

    However, running a full system scan would be recommended if it's more than one cPanel user.
     
  4. nyjimbo

    It's one account. I think it is the .htaccess file; it appears it was moved from another server and the redirects might have been entered manually, but now cPanel is picking them up but it won't delete them, so I have to figure that out. The file permissions on the .htaccess seem the same as any other .htaccess file on any other account, so it's something else.
     
  5. Spiral

    You can look in all ".htaccess" and "httpd.ini" files in the account and also at the VirtualHost section in the httpd.conf file (/usr/local/apache/conf). Outside of that, redirects can also be set up within the PHP scripts themselves, so you might want to take a peek in those, and in particular their main index page, and maybe grep for "header", "Location", or "url" and see what that turns up as well.

    If you are running DSO based PHP, I would strongly consider changing, but also on that note, if this client has any files or permissions set to '777', I would open those files and take a deeper look into those as well.

    Code:
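    # Replace USERNAME with the account name; lists anything with mode 777
    find /home/USERNAME/public_html -perm 777
    # Lists every .htaccess file under the document root
    find /home/USERNAME/public_html -type f -name '.htaccess'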
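
Added example (not part of the thread and not cPanel's own tooling): a read-only shell audit that goes one step past the `find` for `.htaccess` files above by listing every redirect directive those files contain and marking targets whose host is outside the account's own domain. The function names `audit_redirects` and `write_sample` are hypothetical, and the sample file is constructed from the two redirects quoted in the thread, with the poster's `xxx.com` placeholder, plus three constructed test lines.

```shell
# audit_redirects DOCROOT OWN_DOMAIN   (hypothetical helper, added example)
# Prints one tab-separated line per redirect found in any .htaccess file:
#   STATUS  file:line  source  target
# STATUS is OFFSITE when the target host is not OWN_DOMAIN or a subdomain of it.
audit_redirects() {
    find "$1" -type f -name '.htaccess' -exec awk -v own="$2" '
        { sub(/^[ \t]+/, "") }              # drop indentation
        /^#/ || NF < 3 { next }             # skip comments and short lines
        {
            d = tolower($1)
            if (d ~ /^redirect(match|permanent|temp)?$/) {
                # mod_alias: the status argument is optional, so read from the end
                src = $(NF-1); target = $NF
            } else if (d == "rewriterule" && tolower($NF) ~ /[[,]r(edirect)?[]=,]/) {
                # mod_rewrite: only rules carrying the R (redirect) flag
                src = $2; target = $3
            } else next
            gsub(/["\\]/, "", target)       # undo quoting and backslash escapes
            host = tolower(target); status = "LOCAL"
            if (host ~ /^https?:\/\//) {
                sub(/^https?:\/\//, "", host); sub(/[\/:?].*$/, "", host)
                dot = "." own
                if (host != own && substr(host, length(host) - length(dot) + 1) != dot)
                    status = "OFFSITE"
            }
            printf "%s\t%s:%d\t%s\t%s\n", status, FILENAME, FNR, src, target
        }' {} +
}

# Constructed sample: the two redirects quoted in the thread plus test lines.
write_sample() {
    cat > "$1/.htaccess" <<'EOF'
Redirect permanent /gallery/new_hampshire/01-BirchFoliage.html http://www.xxx.com/gallery/new-hampshire/
Redirect permanent /gmail https://www.google.com/a/xxx.com
# Redirect permanent /old http://www.xxx.com/new
RewriteRule ^index\.html$ /home.html [L]
RewriteRule ^promo$ "http\:\/\/other.example\/landing" [R=301,L]
EOF
}

# Demo on the constructed sample only.
tmp=$(mktemp -d) && write_sample "$tmp" && audit_redirects "$tmp" xxx.com
rm -rf "$tmp"
```

An OFFSITE line is only a prompt to review that rule; against a real account, pass `/home/USERNAME/public_html` and the account's domain.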
    
     