ISPConfig 3.0.5.3 New Client & CP User problem

Discussion in 'General' started by alotofbacardi, Oct 24, 2013.

  1. alotofbacardi

    alotofbacardi New Member

    Debian 6.0.8
    ISPConfig 3.0.5.3

    When creating a new client, ISPconfig doen't create new CP user automatically.
    After pressing "Save" button on "Add client" tab, just blank page appears.
    Pressing "Edit client", I can see it, but when I press "Log in as" button this text appears:
    ------------------
    #0 db->query(SELECT username, passwort FROM sys_user WHERE userid = ) called at [/usr/local/ispconfig/interface/lib/classes/db_mysql.inc.php:172] #1 db->queryOneRecord(SELECT username, passwort FROM sys_user WHERE userid = ) called at [/usr/local/ispconfig/interface/web/admin/login_as.php:64]

    Do you want to login as user ?
    If you do so, you can "go back" by clicking at logout.
    ---------------------

    I can add CP user manually, but I think that's not a solution.

    Don't see any problems at debug window
    24.10.2013-22:15 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    /usr/bin/fail2ban-client
    /sbin/iptables
    /sbin/ip6tables
    24.10.2013-22:15 - DEBUG - Found 1 changes, starting update process.
    24.10.2013-22:15 - DEBUG - Processed datalog_id 1187
    24.10.2013-22:15 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.

    Any ideas?
     

    Attached Files:

    Last edited: Oct 25, 2013
    alotofbacardi, Oct 24, 2013
    #1
  2. alotofbacardi

    alotofbacardi New Member

    Seems like a problem with apache:
    [Thu Oct 24 23:15:13 2013] [warn] [client XX.XX.XX.XX] mod_fcgid: stderr: PHP Warning: exec() has been disabled for security reasons in /usr/local/ispconfig/interface/web/client/client_edit.php on line 154, referer:https://xxx.x.xx:8080

    How to solve this?
     
    alotofbacardi, Oct 24, 2013
    #2
  3. alotofbacardi

    alotofbacardi New Member

    futher investigation shows, problem with suhosin
    Oct 24 23:15:13 vm1 suhosin[3527]: ALERT - function within blacklist called: exec() (attacker 'XX.XXX.XX.XXX', file '/usr/local/ispconfig/interface/web/client/client_edit.php', line 154)

    how to define exception for ispconfig?
     
    alotofbacardi, Oct 25, 2013
    #3
  4. alotofbacardi

    alotofbacardi New Member

    I' ve solved the problem.

    edit file:
    /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter

    add
    -d suhosin.executor.func.blacklist none
    to the end

    it should look like:

    #!/bin/sh
    PHPRC=/etc/php5/cgi/
    export PHPRC
    export PHP_FCGI_MAX_REQUESTS=5000
    export PHP_FCGI_CHILDREN=1
    exec /usr/bin/php-cgi -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/server/temp -d suhosin.executor.func.blacklist none
     
    alotofbacardi, Oct 25, 2013
    #4

Share This Page