
Can't access any service of CPANEL

Discussion in 'General Discussion' started by Edig, Jun 16, 2014.

  1. Edig

    Edig Registered

    Joined:
    Jun 16, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi,

    I have a VPS with cPanel & WHM. Since about 11 AM today, one of my mail accounts started receiving these mails:
    Code:
    RV: Warning: message 1Ww9ds-0008OQ-Et delayed 24 hours
    Like 5000 mails or more. This mail account is on Outlook on Windows. I think that a virus started spamming a lot of Yahoo mails, and some of them don't exist.

    Note: I was working on one of my dev domains, uploading stuff, like 2 or 3 files per minute, via FTP.

    About 10 minutes after that I couldn't access WHM, cPanel, FTP, email, or any other cPanel service.

    What I can access:
    - Normal websites (they are still working, and so are their DBs)
    - SSH
    - MySQL (I installed a second phpMyAdmin on my dev domain for faster access and I can access it from there, but not from cPanel)

    I already tried:
    - Rebooting the server
    - Restarting the cPanel service
    - Re-assigning the root cPanel password
    - Stopping the firewall (maybe my IP was blocked)

    My VPS is hosted on DigitalOcean.

    I'm desperate. Any ideas?

    - - - Updated - - -

    Hi, sorry for the double post; I can't edit the original.

    I just tried again to log in to my server and now I can log in to every service. What's going on? Maybe a virus hit my server.

    While I couldn't access my server, I monitored it over SSH with top, and I didn't see anything suspicious.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    1. Please review:

    "WHM Home » Security Center » cPHulk Brute Force Protection"

    If it's enabled, make sure you add the IP address you are connecting from to the white list.

    2. As for the email issue, review /var/log/exim_mainlog or your mail queue to see if you can pinpoint the source of the messages.

    Thank you.
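
One way to act on the /var/log/exim_mainlog suggestion in the reply above, as an added example that is not part of the original thread: count accepted messages per SMTP-authenticated login and client IP, so a mailbox being used from an unfamiliar address stands out. The sample log lines are constructed, the function names are hypothetical, and the `A=dovecot_login:` authenticator name is an assumption about the server's Exim configuration.

```shell
#!/bin/sh
# Added example: rank SMTP-authenticated senders in an Exim main log.

# Constructed sample lines in Exim main-log format (not taken from the thread).
sample_log() {
cat <<'EOF'
2014-06-16 10:58:40 1Ww9aa-0001AA-01 <= info@example.com H=(office-pc) [203.0.113.7]:50211 P=esmtpa A=dovecot_login:info@example.com S=2101 id=a1@example.com
2014-06-16 11:00:00 1Ww9ab-0001AB-02 <= root@host.example.com U=root P=local S=812
2014-06-16 11:01:02 1Ww9ac-0001AC-03 <= info@example.com H=(User) [198.51.100.23]:4312 P=esmtpa A=dovecot_login:info@example.com S=5120
2014-06-16 11:01:03 1Ww9ad-0001AD-04 <= info@example.com H=(User) [198.51.100.23]:4313 P=esmtpa A=dovecot_login:info@example.com S=5118
2014-06-16 11:01:04 1Ww9ac-0001AC-03 == nobody1@example.net R=lookuphost T=remote_smtp defer (-44): SMTP error from remote mail server
2014-06-16 11:01:05 1Ww9ae-0001AE-05 <= info@example.com H=(User) [198.51.100.23]:4314 P=esmtpa A=dovecot_login:info@example.com S=5122
2014-06-16 11:01:06 1Ww9af-0001AF-06 <= <> R=1Ww9ac-0001AC-03 U=mailnull P=local S=3300
EOF
}

# Read an Exim main log on stdin; print "count login client_ip" for accepted
# messages ("<=") that carry an A=<authenticator>:<login> field, busiest first.
# $1 = minimum message count to report (default 1).
top_auth_senders() {
  awk -v threshold="${1:-1}" '
    $4 == "<=" {
      user = ""; ip = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^A=[^:]+:/) {
          user = $i; sub(/^A=[^:]+:/, "", user)          # keep only the login
        } else if (ip == "" && $i ~ /^\[[0-9A-Fa-f.:]+\]/) {
          ip = $i; sub(/^\[/, "", ip); sub(/\].*$/, "", ip)  # drop brackets and port
        }
      }
      # Local submissions and bounces have no A= field and are skipped.
      if (user != "") count[user " " ip]++
    }
    END { for (k in count) if (count[k] >= threshold) print count[k], k }
  ' | sort -rn
}

sample_log | top_auth_senders
```

On a live server the same function can read the real log, for example `top_auth_senders 50 < /var/log/exim_mainlog`; the threshold of 50 is an arbitrary starting point.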
     
  3. Edig

    Hi,

    About number 1: I can't access anything on the server: webmail, cPanel, WHM...
    I tried:
    /etc/init.d/iptables stop

    And I still can't access it.

    Today I'm trying again and now I can't get into the server again on any service: FTP, webmail, cPanel, WHM, etc. I already stopped iptables and nothing changed. I also rebooted the server.

    I already installed clamscan and checked for viruses; I found 52 in email and eliminated all of them.

    About number 2: I already checked the source. Someone from Russia hacked that email account and was logging in via SMTP (I already fixed this).

    But this is the second time I can't access the server from FTP, cPanel, WHM. Why?
     
  4. cPanelMichael

    Is the connection failing completely, or is authentication failing?

    Thanks.
     
  5. Edig

    It's authentication failing. Any user and any password gets a login failure. I thought that I had entered a bad password, so I set a new password for the root user from SSH, and again I couldn't get access.

    As far as I can tell, this problem occurs from any IP you try to connect from (I tried with 2 different IPs).
     
  6. cPanelMichael

    It seems like the account might be locked by cPhulk brute force detection. If you can't access WHM, try disabling it from the command line. EX:

    Code:
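    # Kill any running cPHulk daemon processes (grep -v grep skips the grep itself)
    for i in `ps aux | grep -i "cphulkd - process" | grep -v grep | awk '{print $2}'`; do kill -9 $i; done
    # Disable cPHulk from the command line
    /usr/local/cpanel/bin/cphulk_pam_ctl --disable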
    Thank you.
     