Troubleshoot/Track Server IP Change
We have a vps with GoDaddy. It is a Cent OS 6.5 VPS with WHM/Cpanel installed. Currently, there is only 1 domain hosted on this configuration and it's our main production domain.
Yesterday, everything on the site stopped working. We couldn't access WHM or cPanel and we couldn't ssh into the server. After opening a support ticket with GoDaddy, they were able to resolve the issue and came back with this as the root cause.
[QUOTE]Upon review of your server access issue, it appears you made changes that have made cPanel/WHM use your secondary IP as the primary IP. Additionally, you made it so that SSH uses the secondary IP.
Now, there is 1 other person who has WHM access to the server, and a couple other people who have cPanel access to the server. I'm fairly certain this change cannot be made with cPanel access but perhaps WHM access. I know I wasn't in WHM at all yesterday and I would not have made any change in ssh to do this. I'm curious if there might be a WHM log that can track this so I can see what change might have been made and where to prevent this from happening in the future. My guess is it was an accident, but no one knows what change might have caused it and I cannot find from the system logs anything like this that would have caused the issue. Any suggestions or help would be appreciated.
Now, there is 1 other person who has WHM access to the server, and a couple other people who have cPanel access to the server. I'm fairly certain this change cannot be made with cPanel access but perhaps WHM access. I know I wasn't in WHM at all yesterday and I would not have made any change in ssh to do this. I'm curious if there might be a WHM log that can track this so I can see what change might have been made and where to prevent this from happening in the future. My guess is it was an accident, but no one knows what change might have caused it and I cannot find from the system logs anything like this that would have caused the issue. Any suggestions or help would be appreciated.
-
Hello :) You can review the cPanel access log at: /usr/local/cpanel/logs/access_log Is it possible someone changed the ethernet device configured in "WHM Home " Server Configuration " Basic cPanel & WHM Setup"? Thank you. 0 -
[quote="cPanelMichael, post: 1717631">Hello :) You can review the cPanel access log at: /usr/local/cpanel/logs/access_log Is it possible someone changed the ethernet device configured in "WHM Home " Server Configuration " Basic cPanel & WHM Setup"? Thank you.
Thanks for the response. The only two ip's that accessed cpanel or WHM yesterday before the issue was me and the other admin. Neither of which would have changed that IP address. Also, ssh access logs indicate that only I access ssh yesterday and another user, who does have sudo access, but all they did was chown/chmod some files in their web directory.0 -
It would be helpful to know the exact changes that were made. Is it possible there were changes made from the VPS hardware node? Thank you. 0 -
[quote="cPanelMichael, post: 1718671">It would be helpful to know the exact changes that were made. Is it possible there were changes made from the VPS hardware node? Thank you.
I think from our analysis, we're leaning toward something happening at the hardware or routing level and the information we're being fed from the host is bogus. There is no indication that I can tell of any of the changes they're claiming were made. Unless there are more logs to analyze, I just can't see it.0 -
What type of Virtualization does GD use?? and panel if they use one 0 -
[quote="dalem, post: 1719061">What type of Virtualization does GD use?? and panel if they use one
Unfortunately I don't know what kind of virtualization they use. It also appears like they use a custom panel. It's nothing standard.0
Please sign in to leave a comment.
Comments
6 comments