Bob Ulius

Active Member
Jun 7, 2015
25
2
53
Palo Alto, CA
cPanel Access Level
Website Owner
Hi folks,

A while ago my host updated CPanel. Before I had 5 FTP users that I created or system created. The nexyt day there were 4 new, a day or so later 10 more new, then another 4 for a total of 18 unknown FTP users.

All of these are related to Simple Scripts. first is [email protected]. Other 17 all all [email protected].

Questions:

1. I do not recall ever using Simple Scripts. I do not even see it in CPanel. Is there a way to see if I have and if anything is on my host account from Simple Scripts?

2. How do these FTP users get created? Why?

3. Is it safe to remove ALL of these? Anything to be careful of?

I'd appreciate your insight.

Thanks.

~Bob
 

andrew.n

Well-Known Member
Jun 9, 2020
877
329
63
EU
cPanel Access Level
Root Administrator
Bob, These are not being created by cPanel itself so I would suggest get in touch with your host about this as they might use some special tools due to which they are being created though I'm wonder why....

Another idea is that your account is compromised :(
 
  • Like
Reactions: cPanelLauren

Bob Ulius

Active Member
Jun 7, 2015
25
2
53
Palo Alto, CA
cPanel Access Level
Website Owner
Thanks. So hard to get quality assistance from my host but I worry more about changing. Cannot find anything that would lead me to believe it has been compromised, but it could be. I am not expert, just alert. Thought perhaps someone here might have seen this one before.

I can tell you that all of these were created within 72 hours of the update to CPanel, give or take. I cannot find dates on them, but that is roughly the window. And none since.
 

andrew.n

Well-Known Member
Jun 9, 2020
877
329
63
EU
cPanel Access Level
Root Administrator
Did you notice anything else to be changed? Any new file being uploaded etc..? I would definitely get in touch with my host to figure out what's up cos it's not normal.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,273
1,282
313
Houston
@andrew.n is indeed correct, these wouldn't be created by cPanel. If they're being created automatically this is definitely something you would want to discuss with your hosting provider. Do let us know what they say.