Server Wiped on cPanel Updates
We have a troubled server, which keeps wiping on cpanel updates.
Once the update starts to run, 'rm' appears on top, and within a few seconds /boot /usr /home / and /etc are wiped completely. It appears something is being triggered (malicious) when the cPanel update starts. We've tried all the normal means to track down the potential issue, and have extensive security in place, but something keeps getting through.
Does anyone have any suggestions, on where we could look?
Last edited by i3903; 07-19-2007 at 05:10 PM.
Please define "extensive" security.
If you do have an extensive protection sheild in place from the outside world, what about internally?
Does more than one person have root access?
Have you checked for any additional root accounts?
It sounds (to me) like someone or something has coded the rm command into the updater. Perhaps you should log a ticket with cPanel Support to get them to have a closer look.
Link: https://tickets.cpanel.net/submit/in...eqtype=tickets
Check that your /scripts/ directory has not been hijacked. Specially look at /scripts/upcp, any /scripts/*up or /scripts/post* scripts that are present.
LinkBack URL
About LinkBacks
Reply With Quote