Server certificate has been changed

[Harikalar Kutusu]

Hi,

I'm out of office and try to solve the problem below later in the day, any advise will be much appreciated.

I have a VDS with about 15 accounts, mostly Joomla based. One of the accounts is blocked due to excessive bandwidth usage last night, just got the e-mail. From cPanel, it seems to be originating from Russia.

The problem is, when I tried to connect the account (any account) through Filezilla/WinSCP I got informed that the server certificate has been changed. I did not use FTP manually for a time now, only automated SFTP backup scripts etc is running from the office.

We could SSH through Putty/Pageant, cPanel or WHM without problem.
The server access is from fixed IP and only with key. We have the following installed:
CSF, ClamAV, Munin, LogWatch.

I also got a security update e-mail from cPanel yesterday, automatic updates are on, WHM 62.0 build 17 is running.

Can the last update change the certificate? Or any idea how it could be changed?
I'll backup/dl sites, logs, look at the e-mails but what should I check first?

 

[Harikalar Kutusu]

Sorry, probably false alert...

They were linking to a video on the website. Probably scripting to eat BW... Turned on hotlink protection and added mp4 to the list, also renamed the file to be safe.

The FTP part: Well, config files were all set to FTP not SFTP, . Probably I did not login after I setup the server host key.

I'm dump, sorry...

 

[cPanelMichael]

Hello,

I'm happy to see the issue is now addressed. Thank you for updating us with the outcome.