shadow file (for email client) empty
Hello everybody, today I have a weird problem with one of my cPanel servers. One of our clients reported that they were unable to log in to their email accounts. I found that the file /home/$username/etc/$domain/shadow has only one user in it, and there was another file, "/home/$username/etc/$domain/shadow.roottn.bak", with all the users and encrypted passwords.
I copied the missing accounts from the .bak file to the original shadow, restarted Dovecot and the problem was solved, BUT...
The problem replicated in several accounts of the server... What caused it? Did any script fail? Which log can I check to see what happened?
Thank you very much as always,
Regards.
Gastón.
Hello @Gastón, It seems like someone with root access to your system manually moved the existing shadow files out of the way. Can you check with any of your system administrators or hosting provider to see if this was done intentionally? Thank you.
We had the same issue today... nobody changed it with root access.
Hello, Most probably the account is infected with Bksmile **(RooTTN). On the account do a find:
find /home/CpanelUser/ -type f -name "*" -exec grep -l "RooTTN" {} \;
Hello cPanelMichael, I have the same issue. I can see there is now accessible from anywhere. I also checked [command given by orlandobond] and did not find any malware. My issue is a bit strange, as there is no backup file available on the server. Please tell me how I can regenerate the shadow file to get the email ID visible on the cPanel Email preview.
@backupmx - do you have a backup of the overall cPanel account that you could restore?
Thanks @cPRex. It is now fixed via the available cPanel account backup. I have restored the particular file from backup.
Great - I'm glad you were able to get that restored!
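An added example, not part of any post in this thread: a read-only shell check for the symptom described in the first post, a mail shadow file that holds fewer entries than a shadow.*.bak copy beside it. The function names and the sample tree are constructed for illustration; only the /home/<user>/etc/<domain>/ layout and the shadow.roottn.bak name come from the thread.

```shell
#!/bin/sh
# Added example: flag mail shadow files that hold fewer entries than a
# shadow.*.bak copy in the same /home/<user>/etc/<domain>/ directory.

# count_entries FILE: number of non-empty lines (one per mailbox); 0 if absent
count_entries() {
    if [ -f "$1" ]; then
        grep -c . "$1" || true
    else
        echo 0
    fi
}

# find_truncated_shadow HOME_ROOT
# Prints one line per affected domain:
#   <domain dir> <entries in shadow> <entries in backup> <backup file name>
find_truncated_shadow() {
    for bak in "$1"/*/etc/*/shadow.*.bak; do
        [ -f "$bak" ] || continue          # glob matched nothing
        dir=$(dirname "$bak")
        cur=$(count_entries "$dir/shadow")
        old=$(count_entries "$bak")
        if [ "$cur" -lt "$old" ]; then
            printf '%s %s %s %s\n' "$dir" "$cur" "$old" "$(basename "$bak")"
        fi
    done
}

# make_sample_tree DIR: constructed data (placeholder users and hashes)
make_sample_tree() {
    d1=$1/alice/etc/example.com
    d2=$1/bob/etc/example.org
    mkdir -p "$d1" "$d2"
    printf 'info:HASH1:::::::\n' > "$d1/shadow"
    printf 'info:HASH1:::::::\nsales:HASH2:::::::\nhr:HASH3:::::::\n' \
        > "$d1/shadow.roottn.bak"
    printf 'admin:HASH4:::::::\n' > "$d2/shadow"
}

# Run against a real tree when a path is given, e.g.: sh check.sh /home
if [ "$#" -gt 0 ]; then
    find_truncated_shadow "$1"
fi
```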