The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM Issue - Please Help

Discussion in 'General Discussion' started by rllunzmann, Apr 24, 2008.

  1. rllunzmann

    rllunzmann Member

    Joined:
    Apr 24, 2008
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hello everyone,

    Lately, i have seen the strangest issue ever. For the past two days this has been going on and just started happening out of the blue. I have changed my root password on one of my managed servers that is only managed by me.

    For two days now, a particular domain has been suspended without my intervention. This has happened twice now. And today the domain is completely gone from my WHM account list...

    What would cause this? I know that the root password was recently changed like yesterday but this issue keeps occurring. First the domain would be suspended and no it is being deleted everyday.

    Please help,
    Ryan
     
  2. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Sounds like someone else is "managing" your server too.

    I would really dig around in logs, check on the specifics of that account to see if their is a spike in bandwidth usage, email messaging, cpu load, etc. Check your system for who else might have root or wheel access, etc.. View the password file, as well as look for logins in sshd, if you keep your "logwatch" or "security run output" logs from the usual overnight runs (as you should) go back a few days and see if they came up with anything unsual. You must determine if this is a hacker who owned the box and is just messing with that one account or if maybe your server provider is doing something (it might be possible).

    Do you get an email from WHM when it is suspended?. Normally if you do a manual suspension it will send you an email with the subject: "Account Suspended on server.com (domain.com)"
    The body would have something like :

    +===================================+
    | Account Info |
    +===================================+
    | Domain: domain.com
    | UserName: whatever
    +===================================+
    Account suspended by root (root)

    Reason: xxxxxxxxx


    If you didnt get them then try a manual suspend now and see if you get one (should be a couple minutes) then unsuspend it and you should get a similiar email about the unsuspend. If you got these emails on the suspend you could time stamp exactly when it was being done.

    Its also possible something weird might have triggered WHM to suspend an account, but to DELETE it just seems very suspect.

    If you box is not owned, its could be that someone else is intervening in someway,
     
  3. rllunzmann

    rllunzmann Member

    Joined:
    Apr 24, 2008
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    hi there, i was with a provider and finally took over ownership of it. THis company has nothing but bad reviews and i have reason to believe they are breaching my server but not through WHM.

    TOday, my cPanel and WHM is not working for any domain on this server. It appears they have changed the ports they operate on.

    Do i need to move to a new physical server to avoid any further issues? This provider used to have root access to this server...
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Note, it is not possible to change the ports on which cPanel/WHM operate. It is possible that cpsrvd, the daemon that serves the cPanel, WHM and webmail interfaces is offline - though if that was the case, chkservd would attempt re-enable those services after (at most) 8 minutes.

    Another possibility is that there is a firewall blocking those ports, either on your side of the connection or on their server.
     
  5. rllunzmann

    rllunzmann Member

    Joined:
    Apr 24, 2008
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    can i hire a linux/WHM admin here? I am willing to pay, this issue is still on-going and i don't want it to get worse..
     
  6. jobymathai

    jobymathai Registered

    Joined:
    Jul 18, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Contact Bobcares for better support work.
     
Loading...

Share This Page