Unpatched Source Detected.
Hello, I'm getting constant emails like this:
/etc/pam.d/sshd: UNPATCHED SOURCE DETECTED! Executing: [patch -N -r /root/failed.patch -i /usr/sec/patch/etc_pam.d_sshd.techproxy.patch -p0] ...
patching file /etc/pam.d/sshd
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 10.
2 out of 2 hunks FAILED -- saving rejects to file /root/failed.patch
/etc/pam.d/sshd: UNMATCHED REGEX: (?^:techproxy)
/usr/sec/patch/etc_pam.d_sshd.techproxy.patch: Failed to apply patch:
--- /etc/pam.d/sshd.orig 2013-11-07 18:59:01.355904422 -0700
+++ /etc/pam.d/sshd 2013-11-07 19:00:01.388882973 -0700
@@ -1,5 +1,6 @@
#%PAM-1.0
-auth required pam_sepermit.so
+auth include techproxy
+auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
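Review bot: the added "auth include techproxy" line becomes the first auth entry in /etc/pam.d/sshd, ahead of pam_sepermit.so and the password-auth include, so the whole techproxy stack is evaluated before the normal SSH authentication stack. The patch does not show what /etc/pam.d/techproxy contains. That file should be reviewed together with this change, because a "sufficient" entry in it would let authentication succeed without ever reaching password-auth. As shown, the hunk also removes and re-adds "auth required pam_sepermit.so" with no visible difference. Keeping only the one added line would make the hunk smaller and give it fewer lines that must match the target file.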
@@ -10,6 +11,7 @@
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
+session include techproxy
session include password-auth
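Review bot: "session include techproxy" is inserted after "session required pam_selinux.so open env_params", and the comment directly above that line says it should only be followed by sessions to be executed in the user context. Confirm that every session module in the techproxy stack is meant to run in the user's context. If any of them is not, the include belongs before the pam_selinux.so open line. A one-line comment above the added entry saying what techproxy is and who maintains it would also help whoever next audits this file.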
patching file /etc/pam.d/sshd
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 10.
2 out of 2 hunks FAILED -- saving rejects to file /root/failed.patch
/etc/pam.d/sshd: UNMATCHED REGEX: (?^:techproxy)
/usr/sec/patch/etc_pam.d_sshd.
--- /etc/pam.d/sshd.orig 2013-11-07 18:59:01.355904422 -0700
+++ /etc/pam.d/sshd 2013-11-07 19:00:01.388882973 -0700
@@ -1,5 +1,6 @@
#%PAM-1.0
-auth required pam_sepermit.so
+auth include techproxy
+auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
@@ -10,6 +11,7 @@
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
+session include techproxy
session include password-auth
-
Hey there! This doesn't seem like a cPanel notification that I'm familiar with, so I can't say for sure what may be happening here. Could you let me know the subject line of the message and the "from" of the email so I could try and get you more details?
-
Hi,
I see them in the mail queue, status frozen, unless I forward root@ to my email.
From is Mailer-Daemon
Subject: Cron <root@server> /usr/sec/bin/ulpatch
It's all day, every day.
-
Thanks for the additional details. That confirms this isn't something sent by cPanel - ULPatch isn't a tool we create or provide, so this is something that was manually configured on your machine.