Script to change ownership of /home Cpanel users

Script to change ownership of /home Cpanel users

save the below script to a file “”. then change permission ‘777’ for that file.


echo -e “Checking ownership of /home/user \n”
for i in `ls /var/cpanel/users/`
if [ “$i” != “root” ]; then
chown -R $i:$i /home/$i
chown $i:nobody /home/$i/public_html /home/$i/.htpasswds
chown $i:mail /home/$i/etc /home/$i/etc/*/shadow /home/$i/etc/*/passwd
echo $i


Then ./


Cpanel Logs

Applications can log the system activity in two ways, one being according to their autonomous logic & the other through the system’s 
log daemon, well know as syslog..

The syslog daemon’s configuration file /etc/syslog.conf contains all the necessary paths/locations as to where the logs are stored.

Usually the directory /var/log/ is used for the system logs but other applications use the applications specified directories to 
store their log files… Many distributions provide tools to manage and analyze the system logs.

Logrotate is a well known log rotation tool which usually is configured in the /etc/logrotate.conf file.
It may also have additional package-defined configurations in the /etc/logrotate.d/ directory..In order to understand what’s 
happening on the system a brief analysis of /etc/syslog.conf is mandatory for checking the main logs 

Here are some basic log files, their locations & a brief description which can be found in Linux distros [mostly in cPanel ]:
cPanel/WHM Initial Installation Errors:
Location : /var/log/cpanel*install*
Description : These log files contain cPanel installation logs & should be referenced first for any issues resulting from new 
cPanel installations..
Cpanel/WHM Service Status Logs:
Location : /var/log/chkservd.log
Description :The service monitoring demon (chkservd) logs all service checks here. Failed service are represented with a [-] 
and active services are represented by [+].

Cpanel/WHM Accounting Logs:
Location : /var/cpanel/accounting.log
Description : Contains a list of accounting functions performed through WHM, including account removal and creation..

cPanel/WHM Specific Requests and Errors:

cPanel error logs:
Location : /usr/local/cpanel/logs/error_log
Description : cPanel logs any error it incurs here. This should be checked when you encounter errors or strange behavior in cPanel/WHM…
cPanel License Error Logs:
Location : /usr/local/cpanel/logs/license_log
Description : All license update attempts are logged here. If you run into any errors related to license when logging in, check here.
Stats Daemon Logs:
Location : /usr/local/cpanel/logs/stats_log
Description : The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.
Client Information, Requested URL Logs:
Location : /usr/local/cpanel/logs/access_log
Description : General information related to access cPanel requests is logged here.
cPanel/WHM Update Logs:
Location : /var/cpanel/updatelogs/update-[TIMESTAMP].log
Description : Contains all output from each cPanel update [upcp]. It’s named with the timestamp at which the upcp process 
was initiated..
Bandwidth Logs:
Location : /var/cpanel/bandwidth
Description : Files contain a list of the bandwidth history for each account. Each named after their respective user.
Tailwatchd [New]:
Location : /usr/local/cpanel/logs/tailwatchd_log
Description : Logs for daemon configuired under tailwatchd ie. cPBandwd, Eximstats, Antirelayd.

Apache Logs:

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd along with standard error output from CGI applications are logged here..
The first place you should look when httpd crashes or you incur errors when accessing website.
Apache SuExec Logs:
Location : /usr/local/apache/logs/suexec_log
Description : Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal 
server errors, with no relevant information being reported to the Apache error_log, check here for potential suexec policy 
Domain Access Logs:
Location : /usr/local/apache/domlogs/
Description : General access log file for each domain configured with cPanel.
Apache Access Logs:
Location : /usr/local/apache/logs/access_log
Description : Complete web server access log records all requests processed by the server.

Exim :

Message Reception and Delivery:
Location : /var/log/exim_mainlog or /var/log/exim/mainlog
Description : Receives an entry every time a message is received or delivered.
Exim ACLs/Policies based RejectLog :
Location : /var/log/exim_rejectlog
Description : An entry is written to this log every time a message is rejected based on either ACLs or other policies 
eg: aliases configured to :fail
Unexpected or Fatal Errors:
Location : /var/log/exim_paniclog
Description : Logs any entries exim doesn’t know how to handle. It’s generally a really bad thing when log entries are 
being written here, and they should be properly investigated..
IMAP/POP/SpamAssassin General Logging and Errors:
Location : /var/log/maillog & /var/log/messages
Description : The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (
login attempts, transactions, spam scoring), along with fatal errors.


FTP Logins and General Errors:
Location : /var/log/messages
Description : General information and login attempts are logged here..
FTP Transactions logging:
Location : /var/log/xferlog or /var/log/messages
Description : Is a symbolic link in most cases to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the 
transactions made by FTP users…


MySQL General Information and Errors :
Location : /var/lib/mysql/$(hostname).err
Description : This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log


Authentication attempts:
Location : /var/log/secure
Description : Logs all daemons which requires PAM Authentication.
Tracking all Bad Logins and Logouts:
Location : /var/log/btmp
Description : Log of all attempted bad logins to the system. Accessed via the lastb command..
Tracking all Logins and Logouts:
Location : /var/log/wtmp
Description : The wtmp file records all logins and logouts.
Last Logins:
Location : /var/log/lastlog
Description : Database times of previous user logins. The lastlog file is a database which contains info on the last 
login of each user.
WebDav or WebDisk Log :
Location : /usr/local/cpanel/logs/cpdavd_error_log
Description : The cpdavd daemon is “WebDav” (better known as “WebDisk”) which was introduced in cPanel 11 to allow users 
to mount their home directory on their personal computer, always having access to the files and content…
Cphulkd Logs:
Location : /usr/local/cpanel/logs/cphulkd_errors.log
Description : cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by 
guessing the login password for that service….
It blacklists IPs that it thinks are trying to run a brute force attack.
Failure Logging:
Location : /var/log/faillog
Description : Faillog formats the contents of the failure log from /var/log/faillog database. It also can be used for 
maintains failure counters and limits. Run faillog without arguments display only list of user faillog records who have 
ever had a login failure.
Startup/Boot, Kernel & Hardware error messages :
Location : /var/log/dmesg
Description : dmesg is a “window” into the kernels ring-buffer. It’s a message buffer of the kernel. The content of this 
file is referred to by the dmesg command. It shows bootlog and the hardware errors..

How to reset default SSH port on cPanel servers

How to reset default SSH port on cPanel servers

Did you forget SSH port and try to reset it via WHM, Use the following SSH configuration settings on WHM.

Login to your WHM on a non secure port that is : 2086
For example : http://serverip:2086

Then browse the URL to reset the SSH configuration settings :


After running the script, the default port 22 will reset on your cpanel SSH configuration. You can login SSH and reset it.


How to change the SSH port on cPanel Servers?
To change the SSH port on cPanel server. Login via root password and edit the following file.

vi /etc/ssh/sshd_config

Find the line that says Port 22 and change 22 to any number between 1024->65535 and save the file.

Once done, run:

/etc/init.d/sshd restart

Don’t forget to Enable SSH port on your server Firewall (CSF,etc.,). Otherwise you won’t connect SSH.

Add the new ssh port on csf firewall settings..

vi /etc/csf/csf.conf





APF install

cd /usr/local/src/
tar -zxvf apf-current.tar.gz; cd apf-*

You will get the following error when you try to restart/start apf every time.

apf(660): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.

This is because of the development mode enabled in APF configuration file. You can disable it by editing the configuration file.
Details from APF configuration file regarding development mode:

# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this off (0) when firewall is determined to be operating as desired.

Edit the configuration file and set DEVEL_MODE=”0″, then restart APF using the command “apf -r“.

Cpanel Server Main IP Change

This KB describes on How to change a Cpanel servers main IP.


Make sure to take a backup of all the files mentioned in this KB.


1: edit /etc/sysconfig/network-scripts/ifcfg-eth0 and replace old server IP with new IP  // assuming eth0 as the primary Device

2: connect the server with LAN IP or IP-KVM

3: restart eth0 device

>> ifdown eth0

>> ifup eth0


3: Edit the following files

>>  /var/cpanel/mainip   //replace old IP with new  IP

>> /etc/ips    //replace new IP with old server main IP

>> /etc/hosts      //replace old IP with new  IP

4: update Cpanel  licence

>> /usr/local/cpanel/cpkeyclt

5: Ran the following script to update domains IP’s

>> for i in `cat /etc/trueuserdomains |cut -d: -f2`; do /usr/local/cpanel/bin/setsiteip -u $i newIP; done    // assuming all domains using the same shared IP’s

How to Distribute EasyApache Files Over Multiple Servers


You can move EasyApache profiles between servers.

Profile are located in the /var/cpanel/easy/apache/profile/custom directory. The filename will be identical to the name with which you save it, plus the .yaml file extension.

After you finish a profile’s configuration, you can move it to the /var/cpanel/easy/apache/profile/custom directory on the destination server.

You can use any available data transfer protocols that you have available.  These protocols include the following:

  • SCP
  • FTP
  • SFTP
  • rsync


For example, the following steps demonstrate how to move a profile called myprofile.yaml with scp:

  1. Run the following command at the command line as the root user:
    scp /var/cpanel/easy/apache/profile/custom/myprofile.yaml !root@$IP:/var/cpanel/easy/apache/profile/custom/myprofile.yaml


     Replace $IP with the IP address of the machine to which you wish to connect

  2. If you choose not to use key authentication, enter the password when you are prompted.
    • The file will transfer to the /var/cpanel/easy/apache/profile/custom directory on the destination server.
  3. Run the following command on the new server:
    /scripts/easyapache --build --profile=myprofile


  • You may also copy raw opts (custom configure flags) and environment variables with the same method and transfer them to the appropriate directory on the new server.
  • You will also need to transfer the Apache profile’s preferences file (/var/cpanel/easy/apache/prefs.yaml) to the remote server.

Cp hulk disable

Disable cphulk from command prompt

Login to mysql.
connect cphulkd
select IP, BRUTETIME from brutes order by BRUTETIME;
delete from brutes;
delete from logins;

/usr/local/cpanel/bin/cphulk_pam_ctl –disable 

For enable

 /usr/local/cpanel/bin/cphulk_pam_ctl –enable

Cpanel Individual Domain zone reloading

The restart of the entire named service for just reloading a domain zone would consume a lot of time. So it is just better to reload the individual zone file by using the following command.

# rndc reload domain IN internal

# rndc reload domain IN external


The command is case sensitive. So please take a look onto that uppercase “IN” in the command