Skip to main content

Troubleshoot/Track Server IP Change

Comments

6 comments

  • cPanelMichael
    Hello :) You can review the cPanel access log at: /usr/local/cpanel/logs/access_log Is it possible someone changed the ethernet device configured in "WHM Home " Server Configuration " Basic cPanel & WHM Setup"? Thank you.
    0
  • squiggie
    [quote="cPanelMichael, post: 1717631">Hello :) You can review the cPanel access log at: /usr/local/cpanel/logs/access_log Is it possible someone changed the ethernet device configured in "WHM Home " Server Configuration " Basic cPanel & WHM Setup"? Thank you.
    Thanks for the response. The only two ip's that accessed cpanel or WHM yesterday before the issue was me and the other admin. Neither of which would have changed that IP address. Also, ssh access logs indicate that only I access ssh yesterday and another user, who does have sudo access, but all they did was chown/chmod some files in their web directory.
    0
  • cPanelMichael
    It would be helpful to know the exact changes that were made. Is it possible there were changes made from the VPS hardware node? Thank you.
    0
  • squiggie
    [quote="cPanelMichael, post: 1718671">It would be helpful to know the exact changes that were made. Is it possible there were changes made from the VPS hardware node? Thank you.
    I think from our analysis, we're leaning toward something happening at the hardware or routing level and the information we're being fed from the host is bogus. There is no indication that I can tell of any of the changes they're claiming were made. Unless there are more logs to analyze, I just can't see it.
    0
  • dalem
    What type of Virtualization does GD use?? and panel if they use one
    0
  • squiggie
    [quote="dalem, post: 1719061">What type of Virtualization does GD use?? and panel if they use one
    Unfortunately I don't know what kind of virtualization they use. It also appears like they use a custom panel. It's nothing standard.
    0

Please sign in to leave a comment.