Results 1 to 5 of 5
  1. #1

    help! accounts deleted from cpanel

    Yesterday it seems that 2 accounts were deleted from cpanel. This is a dedicated server that only myself and the host (it's a managed server) should have access to.

    I had the host look into it, and they were able to restore one domain/reseller but there is no sign of the other ever existing, including from admin logs of deletions etc.

    They are currently trying to restore from backup, but I worry HOW this happened as much as getting it fixed.

    Luckily both domains are mine and they both being set up as resellers, none of the accounts under them were deleted or missing. I just don't understand how this could happen.

    If this was another account, one not set up as a reseller, one that actually has a lot of traffic i'd have been screwed totally. I HAVE to prevent this from happening again, but i have no idea where to even start or tell the host to start. As far as I know all software is up to date, nothing on any of the two domains that were deleted is the same (as far as scripts) other than they were both resellers.

    any help, past experience, places to check first etc are all appreciated. before you do state the totally obvious, i have changed the root password, and will change the password on those two accounts as soon as they're both fully restored.
    I reserve the right to be wrong at all times

    phpbb forums without hosting fees

  2. #2
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,878
    * Moved to Technical and Security Issues....

    Sirius
    I support the Human Rights Campaign!
    Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.

  3. #3
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Did you check the cpanel access logs about it? The log is at
    /usr/local/cpanel/logs/accesslog. This will have the details of IP address from which it was deleted.
    Also, make sure there is no unauthorised root access through the shell.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  4. #4
    well this got fixed by restoring from a backup. thank goodness for rsync.

    Per the managed host this was due to a configuration error. I've changed every password on the server including both resellers, root, sql, individual databases, everywhere on the site that i have a password including those of scripts I have installed. (just in case)
    I reserve the right to be wrong at all times

    phpbb forums without hosting fees

  5. #5
    cPanel allows http authentication and recently an option has been added to prevent this. I'm not sure but grep apache domlogs for "/cpanel" and see what you will find.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •