The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

user become root

Discussion in 'General Discussion' started by solaris, Jan 22, 2008.

  1. solaris

    solaris Member

    Joined:
    Oct 2, 2004
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I have big problem on my cpanel. Our users login to Cpanel with their username and pass but they become root , so they can access to any users on the server.
    Please help us to configure.

    Thank you.
     
  2. WebHostDog

    WebHostDog Well-Known Member

    Joined:
    Sep 3, 2006
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Website Owner
    Hello,
    This happen when the passwords are the same. Change the root password to be different.
     
  3. solaris

    solaris Member

    Joined:
    Oct 2, 2004
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    No, the password is different...
    Additional info, When we tried to acces user's cpanel, the title bar show http://severname/cpanel not http://userdomain/cpanel
     
  4. maverick23

    maverick23 Well-Known Member

    Joined:
    Feb 23, 2005
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    try changing the option from tweak settings


    When visiting /cpanel or /whm or /webmail with SSL, you can choose to redirect to:
    make it to "Origin Domain Name"

    make be this helps..
     
  5. troxalias

    troxalias Well-Known Member

    Joined:
    Nov 21, 2001
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Athens - Greece
    What is the userid of this user ? Check /etc/passwd and make sure that the uid of this user (the second column) is not 0 .
     
  6. solaris

    solaris Member

    Joined:
    Oct 2, 2004
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    maverick23, you're right.
    I changed to "Origin Domain Name" and it works. Thank you.

    But now I have another headache, my server is going crazy which load of server reach up to 1,000.
    I'm running:

    WHM 11.15.0 cPanel 11.17.0-S19434
    FEDORA 6 i686 on standard - WHM X v3.1.0

    Processor #1 Name: Intel(R) Pentium(R) D CPU 2.80GHz
    Processor #1 speed: 2806.601 MHz
    Processor #1 cache size: 1024 KB

    Processor #2 Vendor: GenuineIntel
    Processor #2 Name: Intel(R) Pentium(R) D CPU 2.80GHz
    Processor #2 speed: 2806.601 MHz

    And I also run ConfigServer Security&Firewall.
    Tweak Settings is same as other servers, Prevent the user "nobody" from sending out mail to remote addresses is enabled.

    And here is the load of my server (Other servers which same configuration is running fine):

    top - 21:27:02 up 5 days, 5:19, 1 user, load average: 1012.31, 731.40, 991.35
    Tasks: 2383 total, 2 running, 2374 sleeping, 7 stopped, 0 zombie
    Cpu(s): 9.8%us, 7.5%sy, 0.0%ni, 12.5%id, 69.7%wa, 0.2%hi, 0.3%si, 0.0%st
    Mem: 2059056k total, 1808592k used, 250464k free, 15012k buffers
    Swap: 2096440k total, 387524k used, 1708916k free, 477564k cached

    PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
    16873 named 20 0 49384 11m 1772 S 4 0.6 8:33.85 named
    31895 root 15 0 3688 2444 796 R 4 0.1 1:47.98 top
    10426 nobody 15 0 37240 21m 2904 S 2 1.1 0:00.05 httpd
    28629 cacaca 18 0 8456 892 496 D 1 0.0 0:00.63 exim
    10537 mailnull 16 0 9532 3728 2480 R 1 0.2 0:00.04 exim
    23586 mysql 15 0 141m 31m 3480 S 1 1.5 113:48.93 mysqld
    10407 nobody 15 0 39116 23m 2808 S 1 1.2 0:00.13 httpd
    25545 cacaca 18 0 8464 1032 616 D 1 0.1 0:00.73 exim
    27483 cacaca 18 0 8456 896 496 D 1 0.0 0:00.57 exim
    1297 root 10 -5 0 0 0 S 0 0.0 4:56.72 kjournald
    11655 cacaca 18 0 8464 1036 616 D 0 0.1 0:01.62 exim
    25514 cacaca 18 0 8460 892 496 D 0 0.0 0:00.70 exim
    25540 cacaca 18 0 8464 900 496 D 0 0.0 0:00.68 exim
    25923 cacaca 18 0 8464 1032 616 D 0 0.1 0:00.31 exim
    27485 cacaca 18 0 8464 1032 616 D 0 0.1 0:00.52 exim
    27486 cacaca 18 0 8456 892 496 D 0 0.0 0:00.57 exim
    10379 nobody 15 0 42028 25m 3004 S 0 1.3 0:00.41 httpd
    1 root 15 0 2040 568 540 S 0 0.0 2:25.65 init

    Cheked with top -c

    top - 00:06:55 up 5 days, 7:59, 1 user, load average: 625.82, 757.86, 834.08
    Tasks: 2369 total, 1 running, 2363 sleeping, 5 stopped, 0 zombie
    Cpu(s): 8.9%us, 42.9%sy, 0.0%ni, 25.2%id, 22.2%wa, 0.2%hi, 0.6%si, 0.0%st
    Mem: 2059056k total, 1909576k used, 149480k free, 97156k buffers
    Swap: 2096440k total, 362004k used, 1734436k free, 453856k cached

    PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
    15658 root 16 0 3660 2460 796 R 5 0.1 0:01.60 top -c
    5528 cacaca 18 0 8464 1040 620 D 3 0.1 0:00.72 /usr/sbin/exim -Mc 1JHMHS-0000Tp-LR
    6407 cacaca 18 0 8456 1036 620 D 3 0.1 0:00.61 /usr/sbin/exim -Mc 1JHMIk-00013n-HF
    8154 cacaca 18 0 8456 900 500 D 3 0.0 0:00.36 /usr/sbin/exim -Mc 1JHMLy-0001iF-2z
    6443 cacaca 18 0 8456 896 500 D 3 0.0 0:00.52 /usr/sbin/exim -Mc 1JHMIn-000145-QV
    7283 cacaca 18 0 8464 1036 620 D 3 0.1 0:00.31 /usr/sbin/exim -Mc 1JHMJy-0001LA-6C
    9689 cacaca 18 0 8456 896 500 D 3 0.0 0:00.39 /usr/sbin/exim -Mc 1JHMPp-0002Bh-9Y
    29777 cacaca 18 0 8456 1032 616 D 2 0.1 0:00.79 /usr/sbin/exim -Mc 1JHM5m-0007Le-Og
    4543 cacaca 18 0 8464 1092 616 D 2 0.1 0:00.55 /usr/sbin/exim -Mc 1JHMGJ-0000qr-AL
    7818 cacaca 18 0 8464 904 500 D 2 0.0 0:00.33 /usr/sbin/exim -Mc 1JHML0-0001iF-KT
    9842 cacaca 18 0 8464 904 500 D 2 0.0 0:00.18 /usr/sbin/exim -Mc 1JHMQD-00029M-LC
    1617 cacaca 18 0 8456 1036 620 D 2 0.1 0:00.56 /usr/sbin/exim -Mc 1JHMC3-0008Hw-U1
    4544 cacaca 18 0 8464 1040 620 D 2 0.1 0:00.52 /usr/sbin/exim -Mc 1JHMGJ-0000jS-NQ
    7388 cacaca 18 0 8456 1036 620 D 2 0.1 0:00.50 /usr/sbin/exim -Mc 1JHMK0-00013z-HM
    32111 cacaca 18 0 8452 888 496 D 2 0.0 0:00.60 /usr/sbin/exim -Mc 1JHM9f-00087Y-MD
    953 cacaca 18 0 8464 896 500 D 2 0.0 0:00.60 /usr/sbin/exim -Mc 1JHMBA-0008En-WF
    2425 cacaca 18 0 8456 896 500 D 2 0.0 0:00.53 /usr/sbin/exim -Mc 1JHMD0-0008Em-UH
    5706 cacaca 18 0 8464 1096 616 D 2 0.1 0:00.74 /usr/sbin/exim -Mc 1JHMHl-0000vy-V3
    5708 cacaca 18 0 8464 904 500 D 2 0.0 0:00.55 /usr/sbin/exim -Mc 1JHMHl-0000qr-EH
    6012 cacaca 18 0 8464 1040 620 D 2 0.1 0:00.61 /usr/sbin/exim -Mc 1JHMIC-0000vy-Mi
    6366 cacaca 18 0 8464 1036 620 D 2 0.1 0:00.37 /usr/sbin/exim -Mc 1JHMId-00011t-Ab
    8017 cacaca 18 0 8464 900 500 D 2 0.0 0:00.53 /usr/sbin/exim -Mc 1JHMLe-0001eV-E6
    961 cacaca 18 0 8464 1096 616 D 1 0.1 0:00.61 /usr/sbin/exim -Mc 1JHMBB-0008Em-7y
    4539 cacaca 18 0 8456 896 500 D 1 0.0 0:00.59 /usr/sbin/exim -Mc 1JHMGJ-0000Wm-B5
    6390 cacaca 18 0 8456 896 500 D 1 0.0 0:00.39 /usr/sbin/exim -Mc 1JHMIZ-000145-OE
    7465 cacaca 18 0 8456 1036 620 D 1 0.1 0:00.31 /usr/sbin/exim -Mc 1JHMK5-0001LA-N1

    How to check what is user cacaca running?
    Did I misconfigure the server?
    can someone guide me to overcome this problem please...
     
    #6 solaris, Jan 22, 2008
    Last edited: Jan 22, 2008
  7. smile

    smile Well-Known Member

    Joined:
    Oct 2, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    0
    At this point I suggest you hire a Good SysAdmin who could take care of these issues for you, I suggest you contact Chirpy or Stevan from Rack911 and either of them should be able to assist you.
     
  8. OMP

    OMP Member

    Joined:
    May 14, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Wow, that load is insane. Clearly all of the load is being caused by EXIM, which probably means you have a spammer running off your server, who is just pounding spam through exim at an insane rate. I'd shutdown exim and start looking at the exim logs (/var/log/exim_mainlog) as a place to start and see what is going through exim. Could be that the user cacaca is doing it knowingly and you are hosting a spammer or they have installed some kind of PHP email script on thier website and it is being exploited.
     
    #8 OMP, Jan 24, 2008
    Last edited: Jan 24, 2008
  9. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Setup e-mail limit per hour so you can restrict spam abuse/load.
     
Loading...

Share This Page