squiggie

Registered
Aug 27, 2014
4
0
1
cPanel Access Level
Root Administrator
We have a vps with GoDaddy. It is a Cent OS 6.5 VPS with WHM/Cpanel installed. Currently, there is only 1 domain hosted on this configuration and it's our main production domain.

Yesterday, everything on the site stopped working. We couldn't access WHM or cPanel and we couldn't ssh into the server. After opening a support ticket with GoDaddy, they were able to resolve the issue and came back with this as the root cause.

Upon review of your server access issue, it appears you made changes that have made cPanel/WHM use your secondary IP as the primary IP. Additionally, you made it so that SSH uses the secondary IP.
Now, there is 1 other person who has WHM access to the server, and a couple other people who have cPanel access to the server. I'm fairly certain this change cannot be made with cPanel access but perhaps WHM access. I know I wasn't in WHM at all yesterday and I would not have made any change in ssh to do this.

I'm curious if there might be a WHM log that can track this so I can see what change might have been made and where to prevent this from happening in the future. My guess is it was an accident, but no one knows what change might have caused it and I cannot find from the system logs anything like this that would have caused the issue.

Any suggestions or help would be appreciated.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello :)

You can review the cPanel access log at:

/usr/local/cpanel/logs/access_log

Is it possible someone changed the ethernet device configured in "WHM Home » Server Configuration » Basic cPanel & WHM Setup"?

Thank you.
 

squiggie

Registered
Aug 27, 2014
4
0
1
cPanel Access Level
Root Administrator
Hello :)

You can review the cPanel access log at:

/usr/local/cpanel/logs/access_log

Is it possible someone changed the ethernet device configured in "WHM Home » Server Configuration » Basic cPanel & WHM Setup"?

Thank you.
Thanks for the response. The only two ip's that accessed cpanel or WHM yesterday before the issue was me and the other admin. Neither of which would have changed that IP address. Also, ssh access logs indicate that only I access ssh yesterday and another user, who does have sudo access, but all they did was chown/chmod some files in their web directory.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
It would be helpful to know the exact changes that were made. Is it possible there were changes made from the VPS hardware node?

Thank you.
 

squiggie

Registered
Aug 27, 2014
4
0
1
cPanel Access Level
Root Administrator
It would be helpful to know the exact changes that were made. Is it possible there were changes made from the VPS hardware node?
Thank you.
I think from our analysis, we're leaning toward something happening at the hardware or routing level and the information we're being fed from the host is bogus. There is no indication that I can tell of any of the changes they're claiming were made. Unless there are more logs to analyze, I just can't see it.