cPanel – wrong PHP version when running composer in cPanel’s user account shell

If you’re reading this, you are probably having an issue because your composer is returning wrong (system default – native) PHP version. In this case, I tried to change to set PHP CLI version for composer from 7.2 to 8.2. In my case, this was done on CloudLinux environment where alt-php versions are in /opt/alt/. If you are using different PHP manager, find where your PHP binaries are.
I was getting this error:

[thisisme@cp ~]$ composer install
  Problem 1
    - Root composer.json requires php >=8.1 but your php version (7.2.34) does not satisfy that requirement.

You have to call composer with correct PHP binary. In my case, binary for version 8.2:

[thisisme@cp ~]$ /opt/alt/php82/usr/bin/php /opt/cpanel/composer/bin/composer diagnose
Checking platform settings: OK
Checking git settings: OK git version 2.43.2
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking rate limit: OK
Checking disk free space: OK
Checking composer version: You are not running the latest stable version, run `composer self-update` to update (2.6.5 => 2.8.5)
Composer version: 2.6.5
PHP version: 8.2.27

If you don’t want to execute this huge line every time you want to run composer command, create a simple alias, and you should be set:

[thisisme@cp ~]$ vi .bashrc
# add this to the end of the file
alias composer=”/opt/alt/php82/usr/bin/php /opt/cpanel/composer/bin/composer”
[thisisme@cp ~]# source .bashrc

And now you can run simpler version:

[thisisme@cp ~]$ composer diagnose
Checking platform settings: OK
Checking git settings: OK git version 2.43.2
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking rate limit: OK
Checking disk free space: OK
Checking composer version: You are not running the latest stable version, run `composer self-update` to update (2.6.5 => 2.8.5)
Composer version: 2.6.5
PHP version: 8.2.27

cPanel – Roundcube error – “Error: Server Error(OK)”

One of the email accounts suddenly experienced trouble when searching in Roundcube. After a while, error occurred to user: “Error: Server Error(OK)”. At first, I thought it was a dovecot index problem, so I regenerated them, but the error was still there. Then I thought that may be IMAP server timeout, but it wasn’t a case, because it worked in mailboxes that were larger than this one.

Inside mail log I saw error below. But the mailbox wasn’t corrupted:

[01-Dec-2022 12:22:38 Earth/Universe] Unexpected condition from IMAP server, closed or corrupt connection to IMAP. Possible mailbox corruption.

This was an error inside Roundcube error log (“/home/username/logs/roundcube/errors”). This error didn’t seemed with issue that was experienced – search error, but cPanel support stated that is related to database corruption.

[01-Dec-2022 12:23:38 Earth/Universe]: <77d0888c> DB Error: [1] no such table: collected_addresses (SQL Query: SELECT * FROM "collected_addresses" WHERE "user_id" = '1' AND "type" = '2' AND ("email" LIKE '') ORDER BY "name" ASC, "email" ASC LIMIT 10) in /usr/local/cpanel/base/3rdparty/roundcube/program/lib/Roundcube/rcube_db.php on line 566 (GET /cpsess4226161538/3rdparty/roundcube/index.php?_task=addressbook&_action=photo&

So, I tried to regenerate Roundcube database for this user (and backup old one first, of course):

[root@cpanel ~]# cd /home/username/etc/
[root@cpanel]# mv user.emailaddress.rcube.db user.emailaddress.rcube.db.backup

Then, just login into Roundcube again and, a new db file should be generated. This sorted out the issue with search functionality.

Migrate email accounts to different user account on the same cPanel server

Maybe you’ll want to merge two separate cPanel accounts on the same server, but you won’t be able to, because you can’t simply just delete domain from the first account, and you can’t add domain to the second account because it exists on the first one :).

You can migrate email and other user data simply, by creating backup of user account and delete it from cPanel. Below, I will show how to migrate just email. But you can also migrate websites like this.

  1. Make copy of primary user account (if websites, also make sure to dump databases of that user)
    root@cpanel [/home]# cp -rp useraccount1  useraccount1.bak
  2. Make copy of email aliases of primary account so they wont get lost after delete of primary account
    cp /etc/valiases/ /etc/valiases/
  3. Delete primary user account in cPanel – useraccount1 in our case
  4. Add domain of primary account to secondary account (useraccount2). Now you’ll be able to, because domain don’t exist on the system anymore.
  5. Copy settings from primary account from backup to secondary one (the one you added domain to) and set right permissions:
    root@cpanel [/home]# cp -rp /home/useraccount1.bak/etc/  /home/useraccount2/etc/
    chown -R useraccount2: /home/useraccount2/etc/
  6. Copy all email accounts to new account and set right permissions
     cp -rp /home/useraccount1.bak/mail/ /home/useraccount2/mail/
    chown useraccount2:mail /home/useraccount2/mail/
    chown -R useraccount2: /home/useraccount2/mail/*
  7. Recreate alliases
    cp /etc/valiases/  /etc/valiases/

That’s it. You should be able to see email accounts for in new cPanel account. All passwords should remain the same as before.

Cpanel – migrate all email accounts to new cPanel server with existing passwords. No password change

For migration of user accounts between cPanel servers, there is a superb “Transfer tool” which is provided and is part of Cpanel. With it, you can simply migrate all data from one server to another. But what about when you have the same accounts on both servers and you don’t want to overwrite data on a new server? I had one account for which the only email was necessary to transfer. This is not something transfer tool can do because I didn’t want to overwrite account.

If you have many email accounts and you don’t know passwords for them, it is realy pain in  the ass to change all passwords and make transfer via imapsync. But luckily, you can simly copy all email accounts from one Cpanel server to another by copy user’s “passwd” and “shadow” file.

Here is how you can migrate all email accounts from one server to another without changing username/password. All passwords will be transferred.

Continue Reading

cPanel – change email password without cPanel access – edit shadow file

I had issue with cPanel on which license was expired. So web interface wasn’t accessible. One client had situation and need to change email password urgently. Because cpanel wasn’t accessible, he was unable to do so. There is a trick. You can change mail password without accessing cpanel directly. You can modify shadow file and paste new password hash. cPanel stores email passwords in shadow file. Here is how you can do it.

First, you need to generate new password hash in SHA512 format. You can do it with python:

[root@machine ~]# python3 -c 'import crypt; print(crypt.crypt("mynewpassword", crypt.mksalt(crypt.METHOD_SHA512)))'

Then you need to locate shadow file for your user and edit it:

root@cpanel [~]# cd /home/test/etc/
root@cpanel [/home/test/etc/]#
root@cpanel [/home/test/etc/]# vi shadow

Here is original hash for our user. You should change it with hash generated in first step. Change part which is marked with bold:


so it looks like this:


That’s it, you should be able to login in webmail with new password, generated with python – frist step.

Block wp-login and xmlrpc brute force attacks with CSF / cPanel

Another great counter attack to “flooders” on your WordPress installations. This time with CSF firewall. I had massive brute force attacks on WordPress installations on some cPanel server which were causing very high server loads.  Here is great way to block abusers with CSF firewall. Here is how.

First, create custom log from which CSF will be able to search for wp-login.php and xmlrpc.php requests. Edit your /etc/csf/csf.conf like bellow:

CUSTOM1_LOG = "/var/log/apache2/domlogs/*/*"

Because majority of those attacks are from some very well known country’s that are causing problems, you may want to white list country’s from which users shouldn’t be blocked. Add list of white list country’s in CC_IGNORE.

Then you must create custom functions for CSF so it will be able to block those attacks. Add this to your /usr/local/csf/bin/ file. If it’s not there, create one. Then add this:

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
return ("WP XMLPRC Attack",$1,"XMLRPC","5","80,443","1");

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/wp-login\.php.*" /)) {
return ("WP Login Attack",$1,"WPLOGIN","5","80,443","1");

Restart CSF and check if LFD is doing his new job. On success you should see something like this:

May 10 11:33:16 cp lfd[589350]: (WPLOGIN) WP Login Attack (PL/Poland/ 5 in the last 600 secs - *Blocked in csf* [LF_CUSTOMTRIGGER]
May 10 11:33:36 cp lfd[589587]: (WPLOGIN) WP Login Attack (TR/Turkey/ 5 in the last 600 secs - *Blocked in csf* [LF_CUSTOMTRIGGER]
May 10 11:34:24 cp lfd[590012]: (WPLOGIN) WP Login Attack (DE/Germany/ 5 in the last 600 secs - *Blocked in csf* [LF_CUSTOMTRIGGER]83247]: (WPLOGIN) WP Login Attack (VN/Vietnam/-): 5 in the last 600 secs - *Blocked in csf* [LF_CUSTOMTRIGGER]

Requests for ignored country’s should look like this:

May 10 11:45:36 cp lfd[591718]: WP Login Attack - ignored
May 10 11:45:41 cp lfd[591718]: WP Login Attack - ignored

I hope this helps. 🙂


CSF – whitelist user from SMTP_BLOCK

CSF features great option SMTP_BLOCK which block outgoing SMTP for all users except root, exim and mailman. I had a problem with one user which was using MailChimp as mass mailing within their application. Because of SMTP_BLOCK it wasn’t working. Disabling SMTP_BLOCK globally is not recommended, you can white list users for which you would like to allow sending.

Go to your CSF settings and find SMTP_ALLOWUSER. Then add user which should be allowed (users separated with coma). Don’t forget to restart CSF.

cPanel email problem – (13): Permission denied: failed to chdir to /home/username

I had this weird issue on one of our production cpanel servers where user’s email stopped working without any reason. Only error that was available was:

T=dovecot_virtual_delivery defer (13): Permission denied: failed to chdir to /home/username

From time to time users document root permissions were set to user nobody and execution privileges were removed. Because of this, email wasn’t working and I couldn’t find out why.

After a lot of headache I googled across this thread. Permissions were altered by cPanel’s File Protect. Somehow file protect recognized this accounts permissions weren’t right. After checking in users account, there was sub-domain created for which document root was set to “/”. This is not valid document root, and because of this, file protect altered users permissions.

I changed document root for this sub-domain and problem was solved. You should also correct user’s permissions on document root after fixing issue with file protect:

chmod +x /home/username
chown username:username /home/username

You should make sure that user accounts permissions are absolutely correct.

Hope this saves some sleep 🙂

© 2025
Hosted by SIEL

About author