Yesterday it seems that 2 accounts were deleted from cPanel. This is a dedicated server that only myself and the host (it's a managed server) should have access to.
I had the host look into it, and they were able to restore one domain/reseller but there is no sign of the other ever existing, including from admin logs of deletions etc.
They are currently trying to restore from backup, but I worry HOW this happened as much as getting it fixed.
Luckily both domains are mine and, with them both being set up as resellers, none of the accounts under them were deleted or missing. I just don't understand how this could happen.
If this was another account, one not set up as a reseller, one that actually has a lot of traffic, I'd have been screwed totally. I HAVE to prevent this from happening again, but I have no idea where to even start or tell the host to start. As far as I know all software is up to date, and nothing on either of the two domains that were deleted is the same (as far as scripts) other than that they were both resellers.
Any help, past experience, places to check first etc. are all appreciated. Before you do state the totally obvious, I have changed the root password, and will change the password on those two accounts as soon as they're both fully restored.
Did you check the cPanel access logs about it? The log is at /usr/local/cpanel/logs/accesslog. This will have the details of the IP address from which it was deleted.
Also, make sure there is no unauthorised root access through the shell.
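The access-log check suggested in the reply above, as an added example that is not part of the original thread: it scans log lines for account-removal requests and reports the source IP, the authenticated user and the targeted account. It assumes combined-log-style lines and that removals hit endpoints named `killacct` or `removeacct`; the sample lines, IPs and account names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed names of WHM account-removal endpoints; adjust to what your logs show.
REMOVAL_ENDPOINTS = ("killacct", "removeacct")

# Combined-log-style prefix: ip, ident, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not from a real server).
SAMPLE_LOG = """\
203.0.113.10 - root [12/Mar/2012:09:14:02 -0500] "GET /cpsess1234567890/scripts/command?PFILE=main HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - root [12/Mar/2012:09:20:41 -0500] "GET /cpsess0987654321/scripts/killacct?domain=example.com&user=resell1 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - root [12/Mar/2012:09:21:05 -0500] "POST /cpsess0987654321/json-api/removeacct HTTP/1.1" 200 0 "-" "curl/7.19"
203.0.113.10 - resell1 [12/Mar/2012:09:30:00 -0500] "GET /cpsess1234567890/frontend/x3/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"
this line is truncated garbage
"""

def find_account_removals(lines):
    """Return one dict per request that hit an account-removal endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines instead of crashing
        url = urlsplit(m["target"])
        # Last path component, so a leading session-token segment is ignored.
        endpoint = url.path.rstrip("/").rsplit("/", 1)[-1]
        if endpoint not in REMOVAL_ENDPOINTS:
            continue
        query = parse_qs(url.query)
        # Target account may arrive as user= or username= (assumption);
        # POST bodies are not logged, so it can be unknown ("?").
        account = (query.get("user") or query.get("username") or ["?"])[0]
        hits.append({"time": m["time"], "ip": m["ip"], "auth_user": m["user"],
                     "account": account, "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for h in find_account_removals(SAMPLE_LOG.splitlines()):
        print("{time}  src={ip}  as={auth_user}  removed={account}  http={status}".format(**h))
```

On a live server, pass the function the open log file instead of `SAMPLE_LOG.splitlines()`, and compare the reported source IPs against the addresses you and the host normally connect from.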
Well, this got fixed by restoring from a backup. Thank goodness for rsync.
Per the managed host this was due to a configuration error. I've changed every password on the server including both resellers, root, SQL, individual databases, everywhere on the site that I have a password including those of scripts I have installed (just in case).