gnubrasil

Registered
Feb 12, 2022
3
0
1
Brasil
cPanel Access Level
Website Owner
Hello, I'm getting frequent attacks from IPs that I can't identify, which cause files to be dropped and stolen on the sites. The main site affected among these was Web Hosting, Domain Name Registration - MyDomain.com, where I had to remove all the files. Today the attack got angrier, and several times there were gigantic files of more than 2GB in the folder (.cagefs). I would like to know the reason for the suspension and how we can get around it, since the biggest affected so far is me. Although I am as careful as possible with .htaccess and other files, I am not able to stop attacks of a greater nature, so I am getting in touch to clear up my doubt as to what is causing this glitch that results in blocking and suspension.

Problems with external access (HACKERS) to files in TMP and .CAGEFS. CRON JOBS solution ("find /path/to/folder -type f -mtime +30 -delete"), so the FILES created with more than 2GB in this folder are deleted. Good luck everyone,

and CPANEL Solve this problem

What really happens is that, for the Linux cloud, it seems that you are either sending bulk SPAM emails or are committing some infraction. My provider guarantees me 25GB of files on the HOST, but CPANEL sends me alerts with 15GB, and even after doing the cleaning you continue to receive "QUOTA EXCEEDED". Considered guilty and without the right to resources. The TMP folder in .CAGEFS creates files with more than 2G each time the site is accessed, for no apparent reason or without a specific function. Things have evolved and it is time to see the real need for these temporary files.
 


cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,481
1,966
363
cPanel Access Level
Root Administrator
Hey there! Do you have root access to the server, or just access to the single cPanel account? If the issue is just isolated to one cPanel account, and you don't have root access to the server, you'd want to speak with your hosting provider to see if they would be able to check this. It is likely they have configured the server to suspend the account due to disk usage or bandwidth usage.
 

gnubrasil

I contacted the host's service provider; however, they are unable to identify this type of issue. The problem is generated when creating several files in the TMP folder in the folder .CAGEFS: several files of 6 to 7 bytes are created containing numerical sequences, and for some reason or breach on the server side or, as I believe, in the communication between CPANEL and CLOUDLINUX, EMAIL SERVERS, ETC. It's not a matter of bandwidth or anything else. MY ACCOUNTS AND SITES were SUSPENDED with the allegation of sending mass emails, but there was never even a list that was sent from the servers, let alone a single screen capture that proves the sending or receiving of these emails. The account at the PROVIDER remained active and operational, but in CPANEL it was blocked and all the domains presented the following message of suspended accounts.
 


gnubrasil

In any case, I have already stopped using these services and am migrating to another one. However, note that this can cause serious damage if these files in the /.cagefs/tmp folder with more than 2GB contain sensitive data instead of simple numerical sequences. There is a flaw which must be fixed, and quickly. All affected sites were operational until the PAPER LANTERN version on the same provider. Today I no longer have a contact and am still looking for a blunt solution so that this does not happen again. Thanks

One solution found for this was to use the following CRONJOBS
"find /path/to/folder -type f -mtime +30 -delete"
Which, despite being palliative, prevents an attacker from finding a temporary folder full of data. Which (in my point of view) is obsolete, because it counts accesses to the site etc... (which can be done by other means). Thanks
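
The cron job quoted in the thread matches on age only, so a newly written 2GB file stays in place until it is more than 30 days old. The following is an added example, not part of any post and not cPanel or CloudLinux code: it also matches on size and records each file's metadata before removal. The function names, thresholds, log file and crontab line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Thresholds, paths and the log file
# are assumptions; adjust them to the account's real temp directory.

# list_suspects DIR MIN_MB MAX_AGE_DAYS
# Prints regular files under DIR that are larger than MIN_MB megabytes OR
# older than MAX_AGE_DAYS. Symlinks are not followed (-type f without -L)
# and other filesystems are not entered (-xdev).
list_suspects() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -xdev -type f \
        \( -size +"$(( $2 * 1024 * 1024 ))c" -o -mtime +"$3" \) -print
}

# sweep DIR MIN_MB MAX_AGE_DAYS LOGFILE [delete]
# Appends owner, size, mtime and path of every match to LOGFILE so there is
# a record to hand to the hosting provider, removes the files only when the
# fifth argument is "delete", and prints the number of matches.
# Assumes file names without embedded newlines.
sweep() {
    list=$(mktemp) || return 2
    if ! list_suspects "$1" "$2" "$3" > "$list"; then
        rm -f "$list"; return 2
    fi
    while IFS= read -r f; do
        ls -ln -- "$f" >> "$4"
        if [ "${5:-report}" = delete ]; then
            rm -f -- "$f"
        fi
    done < "$list"
    count=$(wc -l < "$list")
    rm -f "$list"
    echo $(( count ))
}

# Hypothetical crontab entry (script path and log path are placeholders):
# 0 * * * * . /home/USER/bin/tmp_sweep.sh && sweep /path/to/folder 1024 30 /home/USER/tmp_sweep.log delete
```

Keep the log file outside the directory being swept, and run once without the `delete` argument to review what would be removed.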