Question
My server has been confirmed by cPanel support as being root compromised. What issues can support help me with?
Answer
Because this server has been confirmed root-compromised, cPanel Support essentially can no longer trust the integrity of the server. Even if the identified symptom(s) have been removed from the server, this is not enough to be confident in the server again. There could be modified binaries, backdoors, or any other changes made to the server that make it dangerous to work on. Otherwise-innocent commands may turn out to cause damage to the server, up to and including data loss.
Until the server has been reprovisioned and we're confident in its integrity, the support offered will be limited to assisting with migrating to a new server. As mentioned, we view anybody logging into a compromised server as a risk to server health and integrity that is only worth taking when attempting to reload/migrate the server.
We can offer advisory-level support only, via our ticket system responses. We will be unable to log in to the affected server to help investigate any issue during this time. Additionally, we will only provide advisory assistance on a server that has just been confirmed to be root compromised.
Please keep in mind that due to the security implications and the fact that we're unable to know what changes were performed by the hacker, our support staff will only be able to provide advisory assistance once (and only once) on the affected server.
Issues that our staff cannot, under any circumstances, provide advisory assistance with on root compromised servers include:
- PCI Scans.
- AutoSSL issues.
- SSL installation issues.
- Any issue where the risk of assistance is too great.
Once our support has assisted with an issue occurring on the server, we will not be able to assist any further. At that point, the only assistance we can offer is with migrating to a new cPanel / WHM server.