My WHM/cpanel account hacked? No access to root

Kookidooki

Member
Jan 10, 2014
5
0
51
cPanel Access Level
Website Owner
Hello guys at WHM / cpanel.
I'm devasted and need urgent help!

I guess someone got access to my server and WHM/cpanel account.
By coincidence I've found out that I don't have access anymore to the root.
There's also no link to reset the password. Looks like someone hacked my root and changed the password.

Cpanel/ WHM could you please check and reset the password?

Thank You!
 
Last edited by a moderator:

andrew.n

Well-Known Member
Jun 9, 2020
633
183
43
EU
cPanel Access Level
Root Administrator
If the root password has been changed and you didn't setup your SSH key to login to the server then you need to reset it manually. If this is a VPS this is usually possible in their control panel. If this is a dedicated server then it needs to be done manually by booting the server into single user mode. In that case I suggest hiring a Certified cPanel Professional from System Administration Services to get this done for you as it's not that straight forward process.
 

Kookidooki

Member
Jan 10, 2014
5
0
51
cPanel Access Level
Website Owner
This problem never happened before. The last time I got access to my WHM/cpanel was 2 wks ago..

Did cpanel / WHM do some updates last 2 wks?
 

andrew.n

Well-Known Member
Jun 9, 2020
633
183
43
EU
cPanel Access Level
Root Administrator
cPanel/WHM updates shouldn't cause this. It is possible that somehow the firewall on the server or cpHulk might blocked you...give it a try from another computer or mobile to see if you can connect.
 
  • Like
Reactions: cPRex

shahidi

Active Member
Mar 2, 2006
28
0
151
This problem never happened before. The last time I got access to my WHM/cpanel was 2 wks ago..

Did cpanel / WHM do some updates last 2 wks?
I had the same issue with multiple servers and VPS from 17Feb.
I think something wrong happened in cPanel but I am not sure.
 

shahidi

Active Member
Mar 2, 2006
28
0
151
I lost my root password and with the rescue I discovered them.
I did lots of scans on the servers and there were r4.html on all accounts with the owner of root:root.
lots of phishing and logins directly to cpanel from different IPs.
 

andrew.n

Well-Known Member
Jun 9, 2020
633
183
43
EU
cPanel Access Level
Root Administrator
uh...looks like your server got compromised after all...I'm sad to hear that :(
 

PeterN123

Member
Aug 4, 2021
12
1
3
Australia
cPanel Access Level
Root Administrator
I lost my root password and with the rescue I discovered them.
I did lots of scans on the servers and there were r4.html on all accounts with the owner of root:root.
lots of phishing and logins directly to cpanel from different IPs.
Hi Shadidi,

Sorry to bump an old thread, did you allow users to have SSH access? Can it be that your users account got compromised first?