Multicraft user can't get FTP access (Need help)

Status
This thread has been locked.

Sparko

professional amateur
Supreme
Feedback score
82
Posts
1,986
Reactions
959
Resources
0
Hello,

A few days ago I made a user in multicraft, and gave them full FTP access. It was working fine, however today it doesn't seem to work. It may have been the result of me changing my phpMyAdmin password, however I updated multicraft.conf and config.php properly because my main user can connect to it. I already tried changing the password, making multiple new users, and even connecting with my password for their user but none of those seem to work.

The error on multicraft.log is shown below (I've censored the numbers to zeros at it might be private)

Code:
2017-05-29 18:25:06,951 INFO     FTP: 000.000.000.000:00000-[] FTP session opened (connect)
2017-05-29 18:25:06,951 DEBUG    FTP: 000.000.000.000:00000-[] -> 220 Multicraft 2.1.1 FTP server
2017-05-29 18:25:07,210 DEBUG    FTP: 000.000.000.000:00000-[] <- AUTH TLS
2017-05-29 18:25:07,210 DEBUG    FTP: 000.000.000.000:00000-[] -> 500 Command "AUTH" not understood.
2017-05-29 18:25:07,470 DEBUG    FTP: 000.000.000.000:00000-[] <- AUTH SSL
2017-05-29 18:25:07,471 DEBUG    FTP: 000.000.000.000:00000-[] -> 500 Command "AUTH" not understood.
2017-05-29 18:25:07,730 DEBUG    FTP: 000.000.000.000:00000-[] <- USER Username.3
2017-05-29 18:25:07,730 DEBUG    FTP: 000.000.000.000:00000-[] -> 331 Username ok, send password.
2017-05-29 18:25:07,988 DEBUG    FTP: 000.000.000.000:00000-[Username.3] <- PASS ******
2017-05-29 18:25:07,988 DEBUG    Connecting to MySQL server at 000.0.0.0:0000
2017-05-29 18:25:07,990 ERROR    Failed to connect to MySQL: (1045, u"Access denied for user 'root'@'localhost' (using password: YES)")
2017-05-29 18:25:07,990 ERROR    Database connection failed.
2017-05-29 18:25:10,994 DEBUG    FTP: 000.000.000.000:00000-[] -> 530 Authentication failed.
2017-05-29 18:25:10,994 INFO     FTP: 000.000.000.000:00000-[] USER 'Username.3' failed login.
2017-05-29 18:25:11,252 INFO     FTP: 000.000.000.000:00000-[] FTP session closed (disconnect).
 
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Fire

Always DM me here before dealing via Discord.
Supreme
Feedback score
74
Posts
3,045
Reactions
1,745
Resources
0
"2017-05-29 18:25:07,990 ERROR Failed to connect to MySQL: (1045, u"Access denied for user 'root'@'localhost' (using password: YES)")"

Thats the important part of the log. Its failing to connect to the database. This could be down to two main reasons. Either the password it is trying to use to login, is wrong. Or the user doesnt have perms to access the database. Since its the root user, thats unlikely.

Did you restart multicraft after changing the password in the config?

./home/minecraft/multicraft/bin/multicraft restart
 

Sparko

professional amateur
Supreme
Feedback score
82
Posts
1,986
Reactions
959
Resources
0
"2017-05-29 18:25:07,990 ERROR Failed to connect to MySQL: (1045, u"Access denied for user 'root'@'localhost' (using password: YES)")"

Thats the important part of the log. Its failing to connect to the database. This could be down to two main reasons. Either the password it is trying to use to login, is wrong. Or the user doesnt have perms to access the database. Since its the root user, thats unlikely.

Did you restart multicraft after changing the password in the config?

./home/minecraft/multicraft/bin/multicraft restart
I'm not sure if its the root user, since it's my friend's user that I made for him. How can I restart multicraft?
 

Fire

Always DM me here before dealing via Discord.
Supreme
Feedback score
74
Posts
3,045
Reactions
1,745
Resources
0
I'm not sure if its the root user, since it's my friend's user that I made for him. How can I restart multicraft?
It says its the root user in the root mysql user in the log. Anyhow to restart multicraft run this command:

./home/minecraft/multicraft/bin/multicraft restart

Unless you have a diffrent path you've installed it. But thats the default.
 

Latouth

Troubled on Linux? Ask me!
Supreme
Feedback score
18
Posts
1,213
Reactions
504
Resources
0
Why the actual fuck are you using the root user for multicrap?

Dude. Make a seperate user for both multicraft_panel and multicraft_daemon....
Ugh security people
 

Sparko

professional amateur
Supreme
Feedback score
82
Posts
1,986
Reactions
959
Resources
0
Why the actual fuck are you using the root user for multicrap?

Dude. Make a seperate user for both multicraft_panel and multicraft_daemon....
Ugh security people
I just paid clovux to set everything up, do I just add a new user on phpMyAdmin or do I have to add permissions and such as well?
 

Latouth

Troubled on Linux? Ask me!
Supreme
Feedback score
18
Posts
1,213
Reactions
504
Resources
0
I just paid clovux to set everything up, do I just add a new user on phpMyAdmin or do I have to add permissions and such as well?
Clovux Setup your multicrap?
The fuck... you make seperate users for the multicrap panel & the daemon...


If you make a new user **FOR BOTH SERVICES OF MULTICRAP** on phpmyadmin, you would have to change the panel's config file, and the daemon's config file.
 

Latouth

Troubled on Linux? Ask me!
Supreme
Feedback score
18
Posts
1,213
Reactions
504
Resources
0
wdym? What user permissions do I need to grant?
2 users


1) multicraft_panel
2) multicraft_daemon

they should have their own respective databases for both of those, give both users perms to the right database
 

Latouth

Troubled on Linux? Ask me!
Supreme
Feedback score
18
Posts
1,213
Reactions
504
Resources
0

Fire

Always DM me here before dealing via Discord.
Supreme
Feedback score
74
Posts
3,045
Reactions
1,745
Resources
0
Latouth 's right. You shouldn't really be using the same user for both databases. Especially the root one.

Main reason is segregation. If someone managed to get the password for your panel database. They could break your panel, and you would need to import the default one, and then change your settings again within multicraft. But if you're using the root user and someone got the password, the person could just drop all your databases, breaking your panel, daemon and any other database you have on there. (Stats / bans plugin, forum etc) Forums especially. Most store almost everything in their database.

One way someone could get it, is say if you use a plugin that uses MySQL. If you are using the root user for that too, anyone (say an admin) with FTP access. Would be able to exploit that change anything in your database. He could drop your databases, or even change your Multicraft password, delete your forum etc. There are several ways someone could gain access, that's just one of many.

The person who installed it was likely been lazy using the root user. Since it saves them a little time creating 2 users and giving them perms to access a database each. Cutting corners at the expense of security often ends badly.
 

Sparko

professional amateur
Supreme
Feedback score
82
Posts
1,986
Reactions
959
Resources
0
localhost
Thank you so much ^-^ I have the following users, I'm running Multicraft, Namelessmc, and Xenforo. Any other changes I should make?
users.PNG

Latouth 's right. You shouldn't really be using the same user for both databases. Especially the root one.

Main reason is segregation. If someone managed to get the password for your panel database. They could break your panel, and you would need to import the default one, and then change your settings again within multicraft. But if you're using the root user and someone got the password, the person could just drop all your databases, breaking your panel, daemon and any other database you have on there. (Stats / bans plugin, forum etc) Forums especially. Most store almost everything in their database.

One way someone could get it, is say if you use a plugin that uses MySQL. If you are using the root user for that too, anyone (say an admin) with FTP access. Would be able to exploit that change anything in your database. He could drop your databases, or even change your Multicraft password, delete your forum etc. There are several ways someone could gain access, that's just one of many.

The person who installed it was likely been lazy using the root user. Since it saves them a little time creating 2 users and giving them perms to access a database each. Cutting corners at the expense of security often ends badly.
:( It was $8 so I decided to use their service.
 

Attachments

  • users.PNG
    users.PNG
    29.6 KB · Views: 139

Latouth

Troubled on Linux? Ask me!
Supreme
Feedback score
18
Posts
1,213
Reactions
504
Resources
0
Thank you so much ^-^ I have the following users, I'm running Multicraft, Namelessmc, and Xenforo. Any other changes I should make?
View attachment 63591

:( It was $8 so I decided to use their service.
I'm also $8 to setup multicrap[DOUBLEPOST=1496171312][/DOUBLEPOST]
Latouth 's right. You shouldn't really be using the same user for both databases. Especially the root one.

Main reason is segregation. If someone managed to get the password for your panel database. They could break your panel, and you would need to import the default one, and then change your settings again within multicraft. But if you're using the root user and someone got the password, the person could just drop all your databases, breaking your panel, daemon and any other database you have on there. (Stats / bans plugin, forum etc) Forums especially. Most store almost everything in their database.

One way someone could get it, is say if you use a plugin that uses MySQL. If you are using the root user for that too, anyone (say an admin) with FTP access. Would be able to exploit that change anything in your database. He could drop your databases, or even change your Multicraft password, delete your forum etc. There are several ways someone could gain access, that's just one of many.

The person who installed it was likely been lazy using the root user. Since it saves them a little time creating 2 users and giving them perms to access a database each. Cutting corners at the expense of security often ends badly.
It literally takes 4 extra fucking commands.

CREATE USER 'multicrap_panel'@'localhost' IDENTIFIED BY 'insert_multicrap_panel_password_here';
GRANT ALL PRIVILEGES ON multicrap_panel.* TO 'multicrap_panel'@'localhost';

CREATE USER 'multicrap_daemon'@'localhost' IDENTIFIED BY 'insert_multicrap_daemon_password_here';
GRANT ALL PRIVILEGES ON multicrap_daemon.* TO 'multicrap_daemon'@'localhost';
 
Last edited:
Status
This thread has been locked.
Top