Cpanel errors

[Tue Aug 18 16:28:04 2015] [error] [client] ModSecurity: Audit log: Failed to create subdirectories: /usr/local/apache/logs/modsec_audit/exclusi3/20150818/20150818-1628 (Read-only file system) [hostname ""] [uri "/index.php"] [unique_id "VdOjZNg3iukAAFLEtGYAAAAH"]
If I disable mod security on the account, then I get Mod ruid errors

Disable mod security

[Tue Aug 18 16:29:49 2015] [error] [client] SecurityException in Application.cpp:186: Do not have root privileges. Executable not set-uid root?
[Tue Aug 18 16:29:49 2015] [error] [client] Premature end of script headers: index.php

I had to disable modsecurity and then uncheck “EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell” enabled under the “Security” tab in “WHM >> Tweak Settings”.

Find and disable specific ModSecurity rules

ModSecurity uses can help block potential attack attempts from malicious users, but sometimes it can also block legitimate requests.

Note: Using SecRuleEngine Off in your modsecurity configuration, you won’t want to put that in your ModSecurity configuration file. As that completely turns off ModSecurity. The SecRuleRemoveById setting is used instead to only disable one specific rule.

If you are seeing errors in you apache log files for a domain such as:

[Sat Jul 25 16:34:57 2015] [error] [client ??.7.??.??] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "111"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"][severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname ""] [uri "/skin/frontend/base/default/js/cadence/lib/jquery.cookie.js"] [unique_id "VbQdIdg3u9IAAB9DPQkAAAAH"]

Mod _security is doing its job. If this is a valid script, you can make a change and allow it.
Run the following from ssh:

# grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n

The results will look like this:

 # 100 1234123404 /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js

ModSecurity rule ID 1234123404 has been triggered at least 100 times when accessing /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js file.

In order to disable just the specific ModSecurity rule for the 1234123404 rule, run the following command:

# echo "SecRuleRemoveById 1234123404" >> /usr/local/apache/conf/userdata/std/2/userna5/

You can also search for the rule in WHM/cPanel at Home »Security Center »ModSecurity™ Tools » Rules List

Note the error in the log file – the ID:

# [id "1234123404"]

This is the rule. Search for this at Home »Security Center »ModSecurity™ Tools » Rules List.


You can click disable to allow the script.


Private Nameservers in WHM

1. Assign the Nameserver IP Addresses in WHM

In WHM, navigate to the left hand menu option “Basic cPanel/WHM Setup” and do the following:

Set the Primary Nameserver to
Then click Assign IP Address.
Repeat this for the Secondary Nameserver section, using
On the bottom of the page, click Save.

2. Setup the Nameserver a Records in WHM

While still in the “Basic cPanel/WHM Setup” section, do the following:

Beside the Primary Nameserver entry, click the “Add an A record entry for this nameserver” button
Repeat this for the Secondary Nameserver section

If you have already created a hosting account on your cPanel server for the domain you are using for your nameservers, performing the A record creation steps above should just create an entry for each nameserver in the existing DNS zone for the domain. However, if you have not yet(or do not intend to) set up a hosting account for the nameserver domain, the steps above will create individual DNS zones for each nameserver you have setup.

NOTE: If you are not hosting the main domain used for the nameservers on the same server, you will need to ensure you have added A records for the nameservers into the DNS zone for the domain with the domain hosting provider.
3. Restart the DNS Service

You should now just be able to restart the DNS service by doing the following:

Navigate to the “Restart Services” section in the left hand men;
Select “DNS Server (BIND/NSD)”
Hit the yes button in the right hand frame.

4. Register Your Nameserver Hosts with Your Domain Registrar

Before the nameservers we’ve just set up in WHM will work, you need to make sure that the correct details have been configured with your domain registrar. Each registrar handles the setting up of private nameservers differently so you should contact them to determine the method they use. Some let you control the setup from your domain control panel, however some require their administrators to create the nameserver entries for.

The most important point to make when contacting your registrar is that you wish to create private nameserver hosts to use with your own hosting server(some refer to these as child nameservers or domain hosts). Occasionally you will strike level 1 support staff who do not fully understand what you wish to do and may provide you incorrect instruction unless you specify this.

Once you know how they do it, you just need to set up the nameservers in their system as below:

Enter the names you would like to use; e.g. and
Enter the corresponding ip addresses details from your server that you wish to use.

Done!…Hopefully you now have working nameservers attached to your own domain.

Warning: Unknown: open(/tmp/sess, O_RDWR) failed: Permission denied (13) in Unknown on line 0

For a cpanel server, this error can exist.

# cd /tmp

particular session file is owned by the user/group of nobody/nobody.

-rw------- 1 nobody nobody 48 Apr 20 04:29 sess_v6bo3v7ta0pirob4lrf8dmrqd2

the rest of the sessions look like the following.

-rw------- 1 domainname domainname 48 Apr 21 06:08 sess_cdc929c2bf695826d3b1e34fe1e65866

1. change the owner of the files to the right user/group or delete the ones that are wrong so that they can be recreated.

The reason they are getting created this way would be because the PHP instance on that site is running as an apache module instead of CGI or fCGI. so the scripts are being run as the apache webserver user a.k.a. nobody/nobody.

The backup was not able to be completed because timed out…cPanel

cPanel default backup system may fail to create and save backup of your server and send you following message:
The backup was not able to be completed because timed out waiting for /bin/backup to finish

Possible cause of the problem

Any old backup process is still running in background on the server.

Login to your server as root via SSH and execute following command

# /usr/local/cpanel/bin/backup --force

Most probably it will show you following type message:

Backup process currently running. Pid: 5378
Backup log file: /usr/local/cpanel/logs/cpbackup/1377934812.log


We need to kill the current running backup process. Note the Pid from above and run following command. Change xxxx to Pid number that you have got from above.

# kill -9 xxxx

cPanel backup should now run normally. You can force to start a new fresh backup process using below command:

# /usr/local/cpanel/bin/backup --force