web site stops working inside a disabled shell.

[keat63]

I'm still learning WHM and its security measures etc.
I've tried to put one of my accounts under a disabled shell, but as soon as i do this, the site stops working.
I did ask a week or so ago, but don't think i got a reply.

The site in question is a cubecart which uses PHP files.
Is there any reason why it stops working, ?
I'm, seeing 404 errors, so i'm assuming that the files have moved ??

- - - Updated - - -

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at www.xxx.co.uk Port 80

 

[cPanelMichael]

Hello

Could you let us know the output in /usr/local/apache/logs/error_log when the internal server error message appears?

Thank you.

 

[keat63]

Hello

Could you let us know the output in /usr/local/apache/logs/error_log when the internal server error message appears?

Thank you.

This is me changing the site back to disabled shell, then trying to open the site.

[Tue Dec 09 19:52:54 2014] [notice] Graceful restart requested, doing restart
[Tue Dec 09 19:52:55 2014] [notice] mod_ruid2/0.9.8 enabled
[Tue Dec 09 19:52:55 2014] [notice] Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 configured -- resuming normal operations
[Tue Dec 09 19:52:58 2014] [error] [client my.ip.address] SecurityException in Application.cpp:186: Do not have root privileges. Executable not set-uid root?
[Tue Dec 09 19:52:58 2014] [error] [client my.ip.address] Premature end of script headers: index.php
[Tue Dec 09 19:52:58 2014] [error] [client my.ip.address] File does not exist: /home/account/public_html/500.shtml

 

[cPanelMichael]

Please check the ownership values of the index.php file and the public_html directory itself. The logs indicate the file or directory might be owned by "root" instead of the account username.

Thank you.

 

[keat63]

Michael.
After you mentioned apache, i figured i'd play with apache/php config.
I changed the PHP 5 Handler from SUPHP to DSO, restarted Apache and it seems that the site is now working in a shell.
Although, I'd have to fully test this.

Whats the difference between SUPHP and DSO and are there any implications ?

Also could you explain how i check the ownership ?

 

[cPanelMichael]

You can review ownership values with a command such as:

ls -al /home/username/public_html

While using DSO may allow the website to load, it's likely still a good idea to review file/directory ownership values because "root" ownership is not ideal for a shared hosting account. The following document explains the differences between suPHP and DSO:

PHP Handlers

Thank you.

 

[keat63]

I put it back to SUphp, removed it from the shell then added it back in. (just in case)
This is what I found.

[email protected] [~]# ls -al /home/user/public_html
total 76532
drwxr-x--- 20 user nobody     4096 Dec  9 20:03 ./
drwx--x--x 15 user user       4096 Dec  9 09:11 ../
-rw-r--r--  1 user user   48081909 Nov 21 08:46 171114.zip
-rw-r--r--  1 user user      11262 Nov 21 08:45 404.htm
drwxr-xr-x 18 user user       4096 Nov 21 08:46 admin/
-rw-r--r--  1 user user      10648 Nov 21 08:45 AT146.pdf
-rw-r--r--  1 user user   23690574 Nov 21 08:46 atnumscrews.zip
drwxr-xr-x  4 user user       4096 Nov 21 08:52 userimages/
-rw-r--r--  1 user user     571372 Nov 21 08:50 user-sitemap.xml
-rw-r--r--  1 user user    1428298 Nov 21 08:46 Body\ Clip\ A4\ 2.pdf
-rw-r--r--  1 user user       4294 Nov 21 08:50 cart.php
drwxr-xr-x  2 user user       4096 Nov 21 20:41 cgi-bin/
-rw-r--r--  1 user user      26671 Nov 21 08:50 challenge.jpg
drwxr-xr-x  3 user user       4096 Nov 21 08:47 classes/
-rw-r--r--  1 user user       2905 Nov 21 08:50 confirmed.php
drwxr-xr-x  3 user user       4096 Nov 21 08:47 contact/
drwxr-xr-x  2 user user       4096 Nov 21 08:48 coshh/
drwxr-xr-x  2 user user       4096 Nov 21 08:48 docs/
-rw-r--r--  1 user user       3693 Nov 21 08:50 download.php
-rw-r--r--  1 user user          0 Nov 21 08:46 error_log
drwxr-xr-x  2 user user       4096 Nov 21 08:48 extra/
-rw-r--r--  1 user user       1150 Nov 21 08:46 favicon.ico
-rw-r--r--  1 user user       1003 Nov 21 08:50 .htaccess
-rw-r--r--  1 user user       1115 Nov 21 08:45 .htaccess-copy
drwxr-x---  2 user nobody     4096 Nov 21 13:54 .htpasswds/
drwxr-xr-x  9 user user       4096 Nov 21 08:55 images/
drwxr-xr-x  7 user user       4096 Nov 21 08:48 includes/
-rw-r--r--  1 user user       6725 Nov 21 08:50 index.php
-rw-r--r--  1 user user       6717 Nov 21 08:46 index.php-notellafreind
-rw-r--r--  1 user user       6717 Nov 21 08:50 index.php-orig
-rw-r--r--  1 user user        573 Nov 21 08:46 info.php
drwxr-xr-x  2 user user       4096 Nov 21 08:48 js/
drwxr-xr-x 12 user user       4096 Nov 21 08:48 language/
-rw-r--r--  1 user user      76404 Nov 21 08:50 latex.jpg
-rw-r--r--  1 user user      45892 Nov 21 08:50 logo.jpg
drwxr-xr-x  5 user user       4096 Nov 21 08:48 modules/
-rw-r--r--  1 user user      16362 Nov 21 08:50 new-blue.jpg
-rw-r--r--  1 user user      13276 Nov 21 08:50 new-grey.jpg
-rw-r--r--  1 user user      64000 Nov 21 08:50 of.doc
-rw-r--r--  1 user user        684 Nov 21 08:50 offLine.php
-rw-r--r--  1 user user      64000 Nov 21 08:50 oform.doc
-rw-r--r--  1 user user     322983 Nov 21 08:50 of.pdf
drwxr-xr-x  7 user user       4096 Nov 21 08:49 pear/
drwxr-xr-x  2 user user       4096 Nov 21 08:49 psusite/
-rw-r--r--  1 user user      13870 Nov 21 08:50 README.txt
-rw-r--r--  1 user user       1444 Nov 21 08:50 recommend.php
-rw-r--r--  1 user user       1437 Nov 21 08:46 recommend.php-old
-rw-r--r--  1 user user       1440 Nov 21 08:46 recommend.php-old2
-rw-r--r--  1 user user        576 Nov 21 08:50 robots.txt
drwxr-xr-x  2 user user       4096 Nov 21 08:49 root\ backup/
-rw-r--r--  1 user user    3006331 Nov 21 08:46 rubberwheel2.zip
-rw-r--r--  1 user user         99 Nov 21 08:50 shop
-rw-r--r--  1 user user       1390 Nov 21 08:50 shop.php
drwxr-xr-x  4 user user       4096 Nov 21 08:52 skins/
-rw-r--r--  1 user user       2448 Nov 21 08:50 spiders.txt
-rw-r--r--  1 user user       2787 Nov 21 08:50 switch.php
-rw-r--r--  1 user user       2186 Nov 21 08:46 test.htm
-rw-r--r--  1 user user        471 Nov 21 08:46 thankyou.htm
-rw-r--r--  1 user user      28453 Nov 21 08:46 title.gif

Prior to this, I also tried making changing the ownership of the account from root to user.
But it still failed with shell disabled

 

[cPanelMichael]

Prior to this, I also tried making changing the ownership of the account from root to user.

Are you still receiving the same error message in the Apache error log when visiting the website after making the ownership modifications?

Thank you.

 

[keat63]

Hi Michael.

I am still seeing the same issue.
There is something on the cubecart forums about the ereg() functions being deprecated and PHP will throw back a lot of warnings in PHP 5.
The cubecart i'm using was written when PHP4 was in fashion.

Do you think this could have anything to do with it ?

It does seem to be running OK in a disabled shell when PHP is configured for DSO, and runs OK when PHP is configured for SUphp when in a normal shell.

There will only be me running this server, i will not be reselling it, but I will have a number of domains (belonging to myself) on there.
I'm happy to leave it at DSO if there are no security implications.

 

[Infopro]

The cubecart i'm using was written when PHP4 was in fashion.

Why would you be installing an older version of this script?
/http://cubecart.com/tour/hosting-requirements

Requirements say:
PHP Version 5.2.3+

If you're having issues installing that script, you might try asking for support on that scripts support channels.

I don't see any cPanel issues here, so much as you having issues installing some script on a cPanel Powered Server.

We can't support CubeCart on these forums.

 

[keat63]

Sorry InfoPr, i'm not sure what you're trying to say.?
I'm not asking for Cubecart help, I'm trying to understand what's causing the site not to work inside a shell.
The cubecart we are using is heavily modified and won't upgrade without losing the mods, some of which are vital to the job.
And i only discovered yesterday that PHP5 may cause issues.

I guess my next thing will be to try and downgrade PHP to 5.2.3, and see if this helps

 

[Infopro]

I'm not asking for Cubecart help, I'm trying to understand what's causing the site not to work inside a shell.

You're trying to make an old, out of date, possibly not secure script work. It's running as root user it sounds like to me.

I've tried to put one of my accounts under a disabled shell, but as soon as i do this, the site stops working.

It's not your cPanel that has an issue though, its the script, Cubecart not working on your I assume, up to date cPanel Powered Server.

Support for Cubecart can be found on the Cubecart support site. My guess, they'll tell you to upgrade the script. Regardless, cPanel cannot support it.

The cubecart we are using is heavily modified and won't upgrade without losing the mods, some of which are vital to the job.

If I had a dime for every time I read a comment like this, right before the site got hacked, I'd be living on a beach somewhere with my feet up and a cold beer in my hand.

My apologies if that sounds a bit harsh, its not meant to. If you read it as such though, do a bit more reading. Google this:
Cubecart vulnerabilities

GL!

 

[keat63]

I knew nothing about WHM until about two weeks ago, so I'm undergoing a massive self learning curve.

Earlier in the week, the site was owned by root.
I naively assumed that as i'm the only person using this and the password is very secure, that it would be OK to run all my domains under a single login/user (root)
However, I've since learned that this is maybe not such a good thing, so I made the account a reseller.

I'm under pressure to move the site from it's current host, but at the same time keep it working, only then could i even consider trying to upgrade it.
Given the custom mods applied, i know from the start that it's not going to work and will be a long arduous trek.

 

[Infopro]

I naively assumed...

I've been reading your recent threads, understood.

I'm under pressure to move the site from it's current host..

None of my business of course, but I'd be interested to know why this is. If I was to guess, some sort of problems with this Cubecart.

so I made the account a reseller.

Why? It sounds to me like this site has some things going on with it that require escalated privileges.

Still, my point stands. We cannot support any third party scripts on this forum. Especially those that are out of date and not secure.

I'd feel bad if I or anyone else here helped you get this working and it got hacked, and then you came back asking how that happened.


If you have a properly configured and secured server, and then you created a Basic Package with no Reseller perms, and you then create an account to use that Package, and then you created a Database on that account, logged in as that normal user, and then imported your cubecart database into it, and then you uploaded all files for the site, properly, meaning owned by the account owner, with files 644 directories 755 permissions, IMHO, that site should work.

It may not work perfect, you may find errors all over the page about deprecated code for example, but it should work at least somewhat.

If it does not, you visit the Cubecart support forum and ask for assistance with it.

I think there's more going on here with the out of date script and is why I'm asking you to go try for support on the Cubecart forums, if you haven't yet.

From what I've read in your posts, this is not a cPanel issue.

I hope that helps somehow.

 

[keat63]

Maybe my issue has been account related.
Again, not really knowing whether i'm doing this right or wrong.
I'll have a look at creating a new basic account and try from there.

I'm more than willing to learn

 

[keat63]

ahhhh "Package"
Let me tinker a little more and come back tomorrow.


As regards being under pressure. The site is currently on a shared host, where the mail server keeps getting blacklisted because of spammers and/or hackers.
I figured that we might be better off going it alone.

I want to be sure that I'm happy with standing on my own two feet (so to speak) before jumping in and going live.
The boss doesn't really understand that.

 

[keat63]

I just found something in an earlier thread about Ruid2 and SUphp not working together.
I can see in my PHP config that Ruid2 is enabled, but i see no way to disbable this.

 

[cPanelMichael]

I just found something in an earlier thread about Ruid2 and SUphp not working together.
I can see in my PHP config that Ruid2 is enabled, but i see no way to disbable this.

You can disable Mod_Ruid2 via EasyApache:

/scripts/easyapache

Or;

"WHM Home » Software » EasyApache (Apache Update)"

It's documented here:

Mod_Ruid2

Thank you.

 

[keat63]

I'll take a look, and report back.

Thanks