Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Root suspended account ..... but what actually happened?

Discussion in 'General Discussion' started by S400, Jul 5, 2017.

  1. S400

    S400 Registered

    Jul 5, 2017
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Website Owner

    Maybe I have signed up to the right or wrong group .... but I have no idea where I can get an answer from - so starting in this group.

    Below I have put the text of a message I received today. "root" suspended my account, though the ISP Provider has now restored it.

    BUT .... I cannot get ANY information that I can understand about the problem that caused my web site and email accounts to be suspended.

    1. What does following message mean?
    2. What (high level - not too technical) was done?
    3. What should I do to prevent it from happening again?
    I have anonymised the IP addresses involve:-

    Offending/Source IP:
    - Issue: Host banned for sending commands meant to run commands via the local shell. This is often found with bots sending raw PHP commands to malware.
    - Block Type: New Ban
    - Time: 2017-mm-dd hh:mm:ss-07:00
    - Port: 80
    - Service: http
    - Report ID: 17f033da-1816-4edd-be41-xxxxxxxxxxxx
    - Bot Fingerprint: a394f5edde9b2eee3d4ba733838713bf
    - Bot Information: [Removed]
    - Bot Node Feed: [Removed]
    - Abused Range: [Removed]
    - Requested URI: /right_column.php
    - User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
    - GET/POST Arguments Sent: sc, _f_wp, ev​
    #1 S400, Jul 5, 2017
    Last edited by a moderator: Jul 5, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    It looks like a message from your web hosting provider notifying you that your shared hosting account was suspended due to abuse by a PHP script uploaded to your account. You'd need to review the "right_column.php" file to determine what it does , or consult with your web hosting provider to see if they can provide you with additional information regarding the reason they suspended your account.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice