PHP Script to modify Host Access Control (WHM)?

Discussion in 'Security' started by nerod, Feb 4, 2011.

  1. nerod

    nerod Member

    Joined:
    Feb 4, 2011
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Lately I've been having a lot of trouble with people trying to get into my system, so in Host Access Control, I set whostmgrd to access my IPs only.

    The problem with this is that at work I have a dynamic IP.

    Currently, I have a PHP script for another whitelisting resource on my site that allows me to save an IP into a database so I can access certain pages of the website that are locked to specific IPs only.

    I was wondering if it would be possible for me to pipe that script into also editing whatever file WHM uses for Host Access control?
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The file that is edited is simply the /etc/hosts.allow file for the IPs you'd whitelist. You can simply cat the existing file to see the results of what it needs to have for each whitelisted entry. Please note that the ALLOW entries must be above the DENY ones.
     
  3. nerod

    nerod Member

    I'm not sure what you mean; I don't have SSH access with a dynamic IP, either, hence the need for a script.

    I tried something like this:
    Code:
    // Keep only digits and dots from the client address.
    $usrip = isset($_SERVER['REMOTE_ADDR']) ? preg_replace("/[^0-9.]/", "", $_SERVER['REMOTE_ADDR']) : '';

    $file = "/etc/hosts.allow";
    // Note: mode "w" truncates the file, so any existing entries are replaced.
    $fh = fopen($file, "w") or die("can't open hosts.allow file");
    $stringData = "whostmgrd : " . $usrip . " : allow\n";
    fwrite($fh, $stringData);
    $stringData = "#work\n";
    fwrite($fh, $stringData);
    fclose($fh);
    and I get the following error:
    So I tried to chmod ip.php to user nobody, same result.

    Any tips?
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    You cannot run a script as a cPanel user to modify a root-level file. This script must be run as root to modify /etc/hosts.allow.

    As for catting the file, this means you would need to do:

    Code:
    cat /etc/hosts.allow
    To see the currently existing entries to use the right syntax for each line you try to add.
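
A root-run helper for what the replies above describe, added here as an example and not part of the thread or cPanel's own code: it rejects anything that is not a plain IPv4 address, inserts the `whostmgrd` allow line above the first deny rule, and replaces the file with a rename. The function names, the deny-line pattern and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Run by root (for example from cron),
# never by the web server user.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ????*|0?*) return 1 ;;              # too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# add_allow FILE IP: put "whostmgrd : IP : allow" above the first deny rule.
add_allow() {
    file=$1 ip=$2
    valid_ipv4 "$ip" || { echo "rejected address" >&2; return 1; }
    rule="whostmgrd : $ip : allow"
    grep -Fxq "$rule" "$file" && return 0       # already whitelisted
    tmp=$(mktemp "$file.XXXXXX") || return 1    # same directory, so mv is a rename
    awk -v rule="$rule" '
        !seen && !/^[ \t]*#/ && tolower($0) ~ /:[ \t]*deny[ \t]*$/ { print rule; seen = 1 }
        { print }
        END { if (!seen) print rule }           # no deny rule: append
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$file"       # mktemp creates the file 0600
}

# Demo on a constructed copy, not the live /etc/hosts.allow.
demo=$(mktemp)
printf '%s\n' 'whostmgrd : 198.51.100.7 : allow' 'whostmgrd : ALL : deny' > "$demo"
add_allow "$demo" 203.0.113.25 && cat "$demo"
rm -f "$demo"
```

Unlike the character-stripping `preg_replace` in the posted script, the validation here refuses malformed input outright, so a value containing a newline or extra fields never reaches the file.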
     
  5. nerod

    nerod Member

    I chmodded as root and also changed the group to root & still got that error, is there anything else I should do?

    Is this identical to pico? I usually use pico to edit in ssh, but I can't access ssh under a dynamic IP.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    How are you able to change to root ownership for a file if you aren't already in SSH on the machine? Normally, you cannot chown (change ownership) to root if you aren't already root level on a server in SSH.

    As for pico, pico is to edit files, cat is to display the contents only. If you aren't editing a file but want to see the contents, you would want to cat that file rather than open it up for editing.
     
  7. nerod

    nerod Member

    I am at home now, where I have a static IP. :)

    I'm trying to set something up so I can login to my WHM & SSH from work, which is a dynamic IP.

    Thanks for the tip regarding cat, I previously just pico'd everything and exited out after I was done, I'll give cat a try next time, instead.
     