godaddy and ssh and cron

In the beginning, say from 2000-2013 or 14: my username is azbikelaw (probably not a surprise or a revealing security hole, seeing as how it is in the domain name); and I use that to log into ssh and everything is spiffy. When logged in to ssh, e.g. I see my files are “owned” by azbikelaw. So far so good.

my HOME variable is below, (the web serves the folder html from that folder, by the way). Everything is fine.

/var/chroot/home/content/90/4318490

About 2 years ago, i created an ftp user, let’s call it ftpuser and created a home folder for that user html/ftpuser. All is well.

A couple of months ago; approx August 2014, I notice something odd; when i ssh in (with azbikelaw), my files are now owned by ftpuser, instead of azbikelaw. Strange.

I have a cron job that runs once a day, and sends me an email. This has been running just dandy since like late 2013 when I found my files had been “pharma” hacked. Beginning around August 28, 2014 I realized I am no longer receiving the daily emails. I called godaddy tech support in early Sept and they put me on hold and then tell me they’re gonna restart the cron service and that will fix me up. It didn’t. I call back later in Sept and tell them; after being put on hold a lot (they do that when the phone tech is talking to the linux tech); they placed a job into my cron and it did in fact execute. The job they place in was; which i thought was pretty clever (i’m not really familiar much with linux); this will create the file if need be and/or just update the date:

 /bin/touch /home/content/90/4318490/html/crontest.txt

When i complained my jobs still (apparently, to me seemed to be) not running, they told me to not use $HOME. The first level phone tech people just aren’t helpful… to make an already long story not as long, When a cron job runs, I discovered $HOME was

/var/chroot/home/content/90/4318490/html/ftpuser

wtf!? And also furthermore cron is supposed to email me any output, and the emails stopped in late August as well. Unpeeling that onion I discovered godaddy has a few little tricks: they replaced sendmail with a perl script called /usr/sbin/gdmailwrap.pl (that’s a copy. get it? go daddy mail wrapper)and, once again, the trouble revolves around them messing up/with my home directory variable; it’s insisting there be a folder called home/mailquota//90/4318490/html/ftpuser , with a file called mailquota.log in it. Curiously, php can still send emails (e.g. my wordpress site sends emails) just fine; which seems odd. Anyway, it turns out the “real” sendmail is still accessible, so in my cron job I just added this line to have it send me the file body.txt

/usr/sbin/sendmail.real me@mail.com <body.txt

Bigdiff

So the whole point of this is to run this job daily that compares yesterday’s file list and checksums to today’s and emails me the differences

#!/bin/sh
set -x 
# used to have set -e but that would cause script to terminate after the diff, so i commented it. the -x prints commands; probably don't need any set
f=bigdiff.txt
#this will hopefully fix up troubles i had with godaddy's HOME variable
cd /var/chroot/home/content/90/4318490

# this will fail if these files don't exist
rm "$f".old
mv "$f".new "$f".old

echo "what fun we are having on" >> html/"$f"
date >> html/"$f"

find ./html/ -type f -exec sha1sum {} \; >"$f".new

# (old scheme): 'find' all files but exclude links and directories because they cause sha1sum to exit with an error
# find html/blog/ ! -type l ! -type d -print0 |xargs -r0 sha1sum >"$f".new
# find html/ ! -type l ! -type d -name "*.php" -print0 |xargs -r0 sha1sum >>"$f".new
# sha1sum ./html/.htaccess >>"$f".new

# i can't remember what the deal is with the two vertical bars??
# diff "$f".new "$f".old || [ $? -eq 1 ]
diff "$f".new "$f".old >>html/"$f"

/usr/sbin/sendmail.real me@mail.com <html/"$f"

.