Resellers cannot un-suspend accounts suspended by admin

max2000

Verified User
Joined
Nov 7, 2004
Messages
141
Location
Europe
Hi

One intersting problem I have with Direct Admin, is sometimes I must suspend a website hosted my sever and created by a reseller.

However, the reseller can make the account work again without any further action.

That would be great if the reseller can no longuer remove the suspension if this was enforced by the server admin.

Thank you
 
We've had a similar problem; the reseller didn't believe the site owner was a spammer, so didn't want the site suspended.

While I'd like to see this "fixed" if possible, we resolved the problem by letting the reseller know that if they unsuspended the account we'd have to suspend their account.

:rolleyes:

Jeff
 
Yes Jeff, we contact the resellers everytime we suspend one of their customers, but sometimes they doens't care and we end up by suspending everyone.

I have an idea may be...

After suspending, I chown the suspended user account to root:root, so Direct Admin can no longuer crate the public_html link.

What do you think about?
 
max2000 said:
Yes Jeff, we contact the resellers everytime we suspend one of their customers, but sometimes they doens't care and we end up by suspending everyone.

I have an idea may be...

After suspending, I chown the suspended user account to root:root, so Direct Admin can no longuer crate the public_html link.

What do you think about?
In that case why not change the owner of the user to admin? There is a perl script that does that for you, I believe it's called da_usertool.pl

The problem I faced was I suspended the user and did contact the reseller (by mail) but the user contacted the reseller by phone before he got a change to read the mail and unsuspended a spammer.

It would be a nice feature though, a sort of "system suspend" that only the root can unsuspend again. I don't think it would be that hard to implement either.
 
I think my method of :

chown -R root:root useraccount

is dangerous. As result, the suspended users scripts will end up with root rights! If the codes were malicious, they will be even more damaging.
 
if you remove the "x" bit from the directory no process or user can read into the directory.

Don't forget to change it back later.

Jeff
 
Hi, removing the x (execute bit) is a good idea but make sure you've suspended the user first... DA will rewrite the custom protion of the httpd.conf file to point to the suspended page and ban the user from logging in. Then you can remove the x-bit on /home/<username> and everything should work the way you want it :) The reseller cannot change the x-bit and unsuspending the user will cause major errors for the reseller meaning that the reseller will have to contact you to resolve the issues...

I might even be tempted to write a plugin for this (also to keep track of the accounts suspended with the plugin and resuspend them as soon as they've been unsuspended:D).

Regards,
 
You will NOT believe it!

The reseller managed to unsuspend himself and all his users!!!

How he did it? He hacked into my server?
 
Last edited:
on which directory did you remove the 'x' bit?

Are you saying you suspended the reseller and he was able to unsuspend himself?

If you suspend the reseller he shouldn't even be able to log into the server.

If this reseller is in violation of your Terms of Service (we recommend every hosting company have a "Terms of Service") you should possibly immediately change his password and your main server password.

If at that point he can still get access, or if you believe his actions are criminal then you may need to take other action.

Jeff
 
Back
Top