Can't access any service of CPANEL
Hi,
I have a VPS with CPANEL & WHM. Since today about 11AM, one of my mails start receiving this mails
Like 5000 mails or more, this mails it's on a Outlook on Windows, I think that a virus start spamming allot of Yahoo mails and some of them doesn't exist. Note: I was working in one of my dev domains uploading stuff like 2 or 3 files per minute via FTP Like 10 minutes after that I can't access WHM, CPANEL, FTP, EMAILS. And any other service from CPANEL What I can access: - Normal websites (they are still working and their DB) - SSH - MYSQL (I install a second PHPMYADMIN, on my dev domain for faster access and I can access from there, but no from CPANEL) I already try: - Reboot server - Restart CPanel service - re-assign root CPanel password - stop firewall (maybe my ip was blocked) My VPS it's hosted on DigitalOcean. I'm desperate any ideas? [COLOR="silver">- - - Updated - - - Hi sorry for double post, I can't edit the original. I just try again to login to my server and now I can login to every service. What's going on? maybe a virus hit my server When I can't access my server y monitor on ssh with #TOP and I didn't see anything suspicious
RV: Warning: message 1Ww9ds-0008OQ-Et delayed 24 hoursLike 5000 mails or more, this mails it's on a Outlook on Windows, I think that a virus start spamming allot of Yahoo mails and some of them doesn't exist. Note: I was working in one of my dev domains uploading stuff like 2 or 3 files per minute via FTP Like 10 minutes after that I can't access WHM, CPANEL, FTP, EMAILS. And any other service from CPANEL What I can access: - Normal websites (they are still working and their DB) - SSH - MYSQL (I install a second PHPMYADMIN, on my dev domain for faster access and I can access from there, but no from CPANEL) I already try: - Reboot server - Restart CPanel service - re-assign root CPanel password - stop firewall (maybe my ip was blocked) My VPS it's hosted on DigitalOcean. I'm desperate any ideas? [COLOR="silver">- - - Updated - - - Hi sorry for double post, I can't edit the original. I just try again to login to my server and now I can login to every service. What's going on? maybe a virus hit my server When I can't access my server y monitor on ssh with #TOP and I didn't see anything suspicious
-
Hello :) 1. Please review: "WHM Home " Security Center " cPHulk Brute Force Protection" If it's enabled, make sure you add the IP address you are connecting from to the white list. 2. As for the email issue, review /var/log/exim_mainlog or your mail queue to see if you can pinpoint the source of the messages. Thank you. 0 -
Hi, About the number 1, I can't access anything on the sever webmail, CPANEL, WHM.. I try /etc/init.d/iptables stop And I can't access. Today I'm trying again and now I can't enter the server again, any service FTP, WEBMAIL, CPANEL, WHM, etc.. I already stop iptables and nothing. Also reboot the server. I already install clamscan and check for virus I found 52 on email and eliminate all of them. About the number 2 I already check the source, someone from Russia hack that email and was login via SMTP (I already fix this) But This is the second time I can't access the server from FTP, CPANEL, WHM? why? 0 -
[quote="Edig, post: 1666951">But This is the second time I can't access the server from FTP, CPANEL, WHM? why?
Is the connection failing completely, or is authentication failing? Thanks.0 -
It's authentication failing, Any user and any password Login Fail, I think that I enter a bad password, so I set a new password to the root user from SSH and I can't access again. As far I can tell this problem occurs to any IP you try to get it (I try with 2 different IP) 0 -
It seems like the account might be locked by cPhulk brute force detection. If you can't access WHM, try disabling it from the command line. EX: for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done /usr/local/cpanel/bin/cphulk_pam_ctl --disable
Thank you.0
Please sign in to leave a comment.
Comments
5 comments