I just got back from work, to notice I cannot log in to WHM as root.
I tried the username/password that was working this morning, and failed. I tried a password stored in roboform2go, and it failed... I even copy/pasted my password from my own records, and it still failed...
The only 2 conclusions I can draw are either a) cPanel / WHM changed my root password, or b) I got hacked and the hacker changed the root password.
I find both hard to believe though... WHM has no reason to change the root password. If someone hacked me I would think they would leave the password the same, to stay undetected as long as possible... Also, I would think that my site & my clients' sites would all be defaced or offline by now...
Anyone know what might have happened?
Is there a way I can reset the root password without SSH / WHM access? I have asked the DC but they may need the root password to do that... lol.
I have no idea how this happened... I am clueless.
Oh, forgot to mention, the other reason it can't be a hacker is because I use a non-standard SSH port, and cPHulk is enabled on the server... All brute force attempts get logged and I have not seen any email notifications yet... Not to mention it should email me on a root login from a non-whitelisted IP... I haven't received any of those emails recently...
And the weirdest thing of all is how WHMCS still somehow creates the accounts... Does this have anything to do with the access hash? The access hash never worked before... So I assumed the access hash does not work.









