The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Troubleshoot/Track Server IP Change

Discussion in 'General Discussion' started by squiggie, Aug 27, 2014.

  1. squiggie

    squiggie Registered

    Joined:
    Aug 27, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    We have a vps with GoDaddy. It is a Cent OS 6.5 VPS with WHM/Cpanel installed. Currently, there is only 1 domain hosted on this configuration and it's our main production domain.

    Yesterday, everything on the site stopped working. We couldn't access WHM or cPanel and we couldn't ssh into the server. After opening a support ticket with GoDaddy, they were able to resolve the issue and came back with this as the root cause.

    Now, there is 1 other person who has WHM access to the server, and a couple other people who have cPanel access to the server. I'm fairly certain this change cannot be made with cPanel access but perhaps WHM access. I know I wasn't in WHM at all yesterday and I would not have made any change in ssh to do this.

    I'm curious if there might be a WHM log that can track this so I can see what change might have been made and where to prevent this from happening in the future. My guess is it was an accident, but no one knows what change might have caused it and I cannot find from the system logs anything like this that would have caused the issue.

    Any suggestions or help would be appreciated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can review the cPanel access log at:

    /usr/local/cpanel/logs/access_log

    Is it possible someone changed the ethernet device configured in "WHM Home » Server Configuration » Basic cPanel & WHM Setup"?

    Thank you.
     
  3. squiggie

    squiggie Registered

    Joined:
    Aug 27, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks for the response. The only two ip's that accessed cpanel or WHM yesterday before the issue was me and the other admin. Neither of which would have changed that IP address. Also, ssh access logs indicate that only I access ssh yesterday and another user, who does have sudo access, but all they did was chown/chmod some files in their web directory.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It would be helpful to know the exact changes that were made. Is it possible there were changes made from the VPS hardware node?

    Thank you.
     
  5. squiggie

    squiggie Registered

    Joined:
    Aug 27, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I think from our analysis, we're leaning toward something happening at the hardware or routing level and the information we're being fed from the host is bogus. There is no indication that I can tell of any of the changes they're claiming were made. Unless there are more logs to analyze, I just can't see it.
     
  6. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    What type of Virtualization does GD use?? and panel if they use one
     
  7. squiggie

    squiggie Registered

    Joined:
    Aug 27, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Unfortunately I don't know what kind of virtualization they use. It also appears like they use a custom panel. It's nothing standard.
     
Loading...

Share This Page