While working on one of my servers, I noticed that there are a bunch of root shell commands in the history that I never entered: echo Cpanel::SSHControl::Expect::Reset::miZkeAyqwM2PxU6o export LANG=C; export TERM=dumb; export PS1="Cpanel::SSHControl - \TcPs# ";export PROMPT_COMMAND=""; stty raw; echo $0; echo; echo exit There are several more with account-specific language that resembles some modifications that I actually did a few days ago, but why is this stuff appearing on the root shell history? I'm treating it like an exploit. The file /usr/local/cpanel/Cpanel/SSHControl.pm seems to be a legit cPanel Perl module, but it just showed up on July 14th. Anybody have any ideas what's going on here? I see that the file exists on at least one of my other servers (dated July 9th), but the shell commands are not in the history on that machine. I'm wondering if this is a new cPanel feature that is already being exploited by miscreants.