Skip to main content

API Tokens

Comments

3 comments

  • cPRex Jurassic Moderator

    Hey hey!

    1 - Not usually, unless you have a DNS cluster configured with reverse trust.
    2 - Yes, I would
    3 - I would use the details in our tool at https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026 to see if there is anything detected.  Auditing the logs for IP access to root would also not be a bad idea, as that would tell you who accessed the system and potentially who created the key.

    0
  • Andy83

    Thanks Rex.

    I will change all the CPanel account passwords.

    How do I check and kick existing FTP sessions if the hacker was already signed in? So that we can prevent him from uploading/downloading files. 

    0
  • cPRex Jurassic Moderator

    I wouldn't be worried about FTP sessions, but restarting your FTP client should be sufficient to do that.

    This is a root-level exploit so the attacker would have much better options available than a user-level FTP connection.

    0

Please sign in to leave a comment.