Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

Services on my cPanel server were mysteriously disabled

Comments

5 comments

  • cPanelPeter cPanel Staff

    That is very interesting. I don't know of anything within cPanel/WHM that would disable these automatically (or via upcp).  

    I'm not aware of any exploits either, but that doesn't mean there aren't any. Seems odd though that they would only disable services.  

    You can look in two places. The log files in /usr/local/cpanel/logs 
    In particular the access_log and if present the api.log if enable api log is enabled in Tweak Settings

    Was this only on one cPanel server, or did it happen on multiple servers?

     

     

    1
  • unifique

    Very strange indeed. I didn't find anything suspicious in /usr/local/cpanel/logs/access_log, just regular customer webmail logins. Unfortunately api.log was not enabled at that time.

    Yes, we have approximately 24 cPanel servers and the problem occurred on only one.

    Note: Another piece of information that I don't know if it's relevant, a few hours later cPanel updated from version 116.0.9 to version 116.0.10.

    Below are the secure logs and messages, if you want to take a look:

    LINK REMOVED

    LINK REMOVED

    0
  • cPanelPeter cPanel Staff

    Hello,  

    I've downloaded them and removed the links from your post. None of your other servers updated to 116.0.10?  Just this one? 

    I've checked our own servers that updated and we didn't see this happening.

    I'll review the logs shortly when I get a chance.

     

    0
  • unifique
    I can't check them all, but at least one other server also updated this morning, but the problem described above only occurred on this server.
    0
  • cPanelPeter cPanel Staff

    Hello, 

    Then it's not likely related to an update. I also reviewed the logs, but the /var/log/messages and /var/log/secure logs won't provide any info.

    If your license was purchased directly through cPanel or if you are a partner, please feel free to open a ticket with us.  We'll be happy to take a look. 

     

    0

Please sign in to leave a comment.