Can't access any service of CPANEL

Edig

Registered
Jun 16, 2014
3
0
1
cPanel Access Level
Website Owner
Hi,

I have a VPS with CPANEL & WHM. Since about 11 AM today, one of my mail accounts started receiving these mails:
Code:
RV: Warning: message 1Ww9ds-0008OQ-Et delayed 24 hours
Like 5000 mails or more. This mail account is on an Outlook on Windows. I think that a virus started spamming a lot of Yahoo mails, and some of them don't exist.

Note: I was working in one of my dev domains uploading stuff like 2 or 3 files per minute via FTP

About 10 minutes after that, I couldn't access WHM, CPANEL, FTP, emails, or any other service from CPANEL.

What I can access:
- Normal websites (they are still working and their DB)
- SSH
- MYSQL (I installed a second phpMyAdmin on my dev domain for faster access and I can access it from there, but not from CPANEL)

I already tried:
- Reboot server
- Restart CPanel service
- re-assign root CPanel password
- stop firewall (maybe my ip was blocked)

My VPS is hosted on DigitalOcean.

I'm desperate. Any ideas?

- - - Updated - - -

Hi, sorry for the double post; I can't edit the original.

I just tried again to log in to my server and now I can log in to every service. What's going on? Maybe a virus hit my server.

When I couldn't access my server, I monitored it over SSH with #TOP and I didn't see anything suspicious.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello :)

1. Please review:

"WHM Home » Security Center » cPHulk Brute Force Protection"

If it's enabled, make sure you add the IP address you are connecting from to the white list.

2. As for the email issue, review /var/log/exim_mainlog or your mail queue to see if you can pinpoint the source of the messages.

Thank you.
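
An added example, not part of the original posts and not cPanel's own tooling: one way to do the /var/log/exim_mainlog review from point 2 is to tally authenticated SMTP submissions per login and source IP. The sample log lines are constructed, and the layout of Exim arrival lines (" <= " marker, bracketed client IP, A=<authenticator>:<login>) is an assumption about the server's log format.

```shell
#!/bin/sh
# Tally authenticated SMTP submissions per login and client IP.
# Assumption: arrival lines contain " <= ", the client IP appears as
# [ip] or [ip]:port, and the login is logged as A=<authenticator>:<login>.
exim_auth_senders() {
    awk '
    / <= / {
        login = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            # The subject is sender-controlled: stop before it so a crafted
            # subject cannot inject a fake A= or [ip] token.
            if ($i ~ /^T="/) break
            if (login == "" && $i ~ /^A=[^:]+:/) {
                login = $i; sub(/^A=[^:]+:/, "", login)
            } else if (ip == "" && $i ~ /^\[[0-9a-fA-F]*[.:][0-9a-fA-F.:]*\](:[0-9]+)?$/) {
                ip = $i; sub(/^\[/, "", ip); sub(/\].*$/, "", ip)
            }
        }
        # Bounces and local mail carry no A= field and are skipped.
        if (login != "") count[login " " ip]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, made-up message IDs).
sample_log() {
cat <<'EOF'
2014-06-16 11:02:13 1Ww9aa-0001AA-Aa <= info@example.com H=(pc1) [203.0.113.7]:51234 P=esmtpa A=dovecot_login:info@example.com S=2301 T="hello [198.51.100.9] A=x:fake" for a@yahoo.example
2014-06-16 11:02:14 1Ww9aa-0001AA-Aa => a@yahoo.example R=lookuphost T=remote_smtp H=mx.yahoo.example [198.51.100.20]
2014-06-16 11:02:15 1Ww9ab-0001AB-Bb <= info@example.com H=(pc1) [203.0.113.7]:51240 P=esmtpa A=dovecot_login:info@example.com S=2299 T="hello" for b@yahoo.example
2014-06-16 11:03:01 1Ww9ac-0001AC-Cc <= dev@example.com H=(laptop) [192.0.2.44]:40022 P=esmtpsa A=dovecot_plain:dev@example.com S=911 T="status" for ops@example.com
2014-06-16 11:03:09 1Ww9ad-0001AD-Dd <= <> R=1Ww9aa-0001AA-Aa U=mailnull P=local S=3456 T="Warning: message 1Ww9aa-0001AA-Aa delayed 24 hours" for info@example.com
EOF
}

# On the server: exim_auth_senders /var/log/exim_mainlog | head
sample_log | exim_auth_senders
```

Each output line is "count login ip", busiest first; a login with a high count from an address its owner does not use is the account to lock and re-password.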
 

Edig

Hi,

About number 1, I can't access anything on the server: webmail, CPANEL, WHM...
I tried
/etc/init.d/iptables stop

And I can't access it.

Today I'm trying again and now I can't get into the server again, on any service: FTP, WEBMAIL, CPANEL, WHM, etc. I already stopped iptables, and nothing. I also rebooted the server.

I already installed clamscan and checked for viruses. I found 52 in email and eliminated all of them.

About number 2, I already checked the source: someone from Russia hacked that email and was logging in via SMTP (I already fixed this).

But this is the second time I can't access the server from FTP, CPANEL, WHM. Why?
 

cPanelMichael

> But this is the second time I can't access the server from FTP, CPANEL, WHM. Why?

Is the connection failing completely, or is authentication failing?

Thanks.
 

Edig

It's authentication failing. With any user and any password, login fails. I thought that I had entered a bad password, so I set a new password for the root user from SSH, and again I can't access it.

As far as I can tell, this problem occurs from any IP you try to get in from (I tried with 2 different IPs).
 

cPanelMichael

It seems like the account might be locked by cPHulk brute force detection. If you can't access WHM, try disabling it from the command line. Ex:

Code:
# Kill any running cphulkd processes; the [c] keeps grep from matching its own command line
for i in $(ps aux | grep -i "[c]phulkd - process" | awk '{print $2}'); do kill -9 "$i"; done
# Disable cPHulk
/usr/local/cpanel/bin/cphulk_pam_ctl --disable
Thank you.