Operating System & Version
CentOs latest one
cPanel & WHM Version
Latest one

It.is.ame

Member
Nov 2, 2020
8
0
1
India
cPanel Access Level
Root Administrator
Hey someone hacked my server and changed the hostname he didnt hacked my root access yet, but i am not able to change hostname from whm i tried changing it but its not changing not getting any error getting success message but nothing happening i tried deleting the dns zone of malicious sote but its coming back after a little time. But on my vps ssh the hostname is setted to correct hostname, can anyone help me?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,287
303
213
cPanel Access Level
Root Administrator
Hey there! It would seem odd that your server was compromised and the only thing that was changed was the hostname. That would require root access to the system, and the server would need to be considred root compromised.

It's much more likely that the hostname wasn't setup properly on the VPS parent, so it was reset. However, if you are seeing DNS zones created on the system that aren't linked to any account, and that matches what the hostname was changed to, that would also indicate a root compromise.

Can you let me know what the hostname was being reset to? cPanel has setup automatic hostnames in recent versions so if you're seeing "cprapid" in the name that is part of the cPanel tools and not something to be worried about.
 

It.is.ame

Member
Nov 2, 2020
8
0
1
India
cPanel Access Level
Root Administrator
Hey there! It would seem odd that your server was compromised and the only thing that was changed was the hostname. That would require root access to the system, and the server would need to be considred root compromised.

It's much more likely that the hostname wasn't setup properly on the VPS parent, so it was reset. However, if you are seeing DNS zones created on the system that aren't linked to any account, and that matches what the hostname was changed to, that would also indicate a root compromise.

Can you let me know what the hostname was being reset to? cPanel has setup automatic hostnames in recent versions so if you're seeing "cprapid" in the name that is part of the cPanel tools and not something to be worried about.
Hey there! It would seem odd that your server was compromised and the only thing that was changed was the hostname. That would require root access to the system, and the server would need to be considred root compromised.

It's much more likely that the hostname wasn't setup properly on the VPS parent, so it was reset. However, if you are seeing DNS zones created on the system that aren't linked to any account, and that matches what the hostname was changed to, that would also indicate a root compromise.

Can you let me know what the hostname was being reset to? cPanel has setup automatic hostnames in recent versions so if you're seeing "cprapid" in the name that is part of the cPanel tools and not something to be worried about.
Hostname changed to: tophane.turkadns.com

I know its need root access to change hostname but i have not rcved any maill, usally whenever i login to my server using vpn its sends an email that this ip is logged into pannel.
 

It.is.ame

Member
Nov 2, 2020
8
0
1
India
cPanel Access Level
Root Administrator
Hostname is setted correctly on my vps as i am checking through ssh its setted correctly, but on whm root the hostname and dns are setted to wrong one i tried changing them but its not working.

I did ' curl -i myip:2087 ' after running this command its showing that: 301 moved
Location: cpanel.mkdhost.org:2087
Blah blah.

This mkdhost.org is not mine.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,287
303
213
cPanel Access Level
Root Administrator
That's the name of your hosting provider, and also why I think they need to make the adjustment. When you are hosted on a VPS system the hostname also has to be adjusted on the parent, and not in WHM. For example, we have this article specifically for Virtuozzo environments:


but contacting the host is the best way to get this permanently resolved.