Public_html deleted itself. Twice Now PLEASE HELP!

LPackman

A couple of weeks ago my site just deleted itself from Cyberpanel the actual public_html folder was gone, the same thing just happened as I was working on the site, can someone please help me work out what is going on and possibly secure my server. I do have CSF enable with full score. This is really bad for me.

At this point I feel like scrapping the server altogether and moving to a provider because I can not deal with this happening again.

usmannasir

Make sure your plugins are updated and use ModSecurity but at the end of the day if you can't manage your server you need to get help from some managed provider.

LPackman

@usmannasir Yes well I am struggling to find support that actually answers within a reasonable time frame.. Your Free mysql optimization broke my server today, one of your support guys apparently fixed it but that's not the case now I can not access Cyberpanel or Webmin so that doesn't say much for your cloud service or the support provided. I really like Cyberpanel but I think its time to find a panel that isn't so buggy and broken and I will probably be ok. Maybe I will try again in a few years. Oh and thanks for the productive input!

usmannasir

I have checked your account and you were given free of cost support.

LPackman

@usmannasir are you kidding me, I used the mysql optimization which you promote us to go use and it broke the server, ERROR 500 unable to start mysql. You asked for credentials which I provided within a few minutes, your guy after 2 hours came back and said credentials were wrong, after 4 hours he connected and got my website back online in no time, "which I really did appreciate" even though it was something advised to do that actually broke it in the first place. However even though the site was loading I could not gain access to Cyberpanel or Webmin, so from your response I should be a paying customer to get this fixed even though it was your advice on this forum that led me there in the first place? Just to clarify I did use the optimizer once before no issues, however after setting up elastic search I thought to try again in case optimization was different, also I believe the optimization generated numerous mysql.bin files previously which was eating up my drive space (could have been something else but not seen this before), I did quote you on this with a screen shot on slack but didn't get a response. I do understand that you are a very busy person.

Also as per this post, I discussed the public_html which has deleted itself twice now, your support guy advised to use CSF, which I already do use with full score in security check and your answer is to move to a managed provider, which I can understand but is that what your guys should do when an update they create breaks something?

Furthermore in my attempts to secure Cyberpanel I have attempted to use Modsecurity numerous times however it simply breaks Wordpress & Woocommerce and does not work out of the box and no rule sets present to do so, I did create a post on this which you kindly replied and advised turning off some options however I had already tried this and the site was still had broken functionality, I also found by searching this forum many people also reported issues they also experience with Cyberpanel and Modsecurity with just some band aid fixes, so now I am afraid to install Modsecurity once again as every time I did install and activate it broke the Woocmmerce functionality, simply disabling it afterwards didn't resolve issues it created, the only solution at this point was to reinstall the entire server once more, numerous times, each time coming across different issues which were not present before.

Anyway maybe I should just follow your advice, accept I am not cut out for this and go to a managed hosting provider..

Also with regards to the support packages I have 1 single server seems there isn't really a viable package for someone like myself as would work out cheaper to follow your advice.

usmannasir

>> Just to clarify I did use the optimizer once before no issues

Yes, you along with many others are using this feature without any problem. But this is a server and issues can come, so you need to be prepared for it. Which is why I recommended that you buy a service from managed provider.

You are right that our plans does not suit single server people, they are more geared towards agencies, please look into our partners and you can go to them like AliTech or Whattheserver hosting or even Hosting.

WordPress is prune to attacks and hacks even on cPanel sites get hacked.

And I know that you won't believe but our team don't have much time to always reply in 5 minutes because this is an open source project. Most open source projects don't even have a support platform.

You need to accept the fact the problems can come anywhere and you need to be prepared to solve them.

cPanel and VestaCP forums are also full of issues, that is why I recommended you to go to a managed service.

We can't provide free of cost support due to limited time and we also have to feed our families, hope you understand.

thanks.

LPackman

I appreciate your response, and fully understand as we all have mouths to feed.

My ticket on the cloud still hasn't even had a response though, in my experience I've found good web hosts out there but the support always seems to let me and them down.

Moving forward I will give one of those hosts you recommended a try, I just hope they are available to resolve any issues quickly otherwise I will be packing my suitcase as quick as you can say onion bhaji! lol

Anyway with that said, have a good day sir and I wish you the best of luck with what appears to becoming SaaS.

LPackman

Sat up till 5am this morning reinstalling Cyberpanel and restoring website, just now I access Cyberpanel and someone has suspended my website!! Seems someone is gaining access to Cyberpanel.

Fyi I have already disabled admin account in Cyberpanel so only my own account exists which also has 2fa.

Seems to be a vulnerability here somewhere. The joy!

May 27 14:43:28 mail sudo: root : TTY=unknown ; PWD=/tmp/lscpd ; USER=root ; COMMAND=/bin/mv /usr/local/lsws/conf/vhosts/cyberp.mydomain.com /usr/local/lsws/conf/vhosts/cyberp.mydomain.com-suspended
May 27 14:43:33 mail sudo: root : TTY=unknown ; PWD=/tmp/lscpd ; USER=root ; COMMAND=/bin/mv /usr/local/lsws/conf/vhosts/mail.mydomain.com /usr/local/lsws/conf/vhosts/mail.mydomain.com-suspended
May 27 14:43:33 mail sudo: root : TTY=unknown ; PWD=/tmp/lscpd ; USER=root ; COMMAND=/bin/mv /usr/local/lsws/conf/vhosts/mydomain.com /usr/local/lsws/conf/vhosts/mydomain.com-suspended
May 27 14:43:39 mail sudo: root : TTY=unknown ; PWD=/tmp/lscpd ; USER=root ; COMMAND=/bin/mv /usr/local/lsws/conf/vhosts/localhost /usr/local/lsws/conf/vhosts/localhost-suspended
May 27 15:26:58 mail sudo: root : TTY=unknown ; PWD=/tmp/lscpd ; USER=root ; COMMAND=/bin/mv /usr/local/lsws/conf/vhosts/mydomain.com-suspended /usr/local/lsws/conf/vhosts/mydomain.com
May 27 15:26:58 mail sudo: root : TTY=unknown ; PWD=/tmp/lscpd ; USER=root ; COMMAND=/bin/mv /usr/local/lsws/conf/vhosts/mail.mydomain.com-suspended /usr/local/lsws/conf/vhosts/mail.mydomain.com

usmannasir

Only you have access to this CyberPanel ?

LPackman

Yes that is correct, new SSH keys also I have locked down internet access from router to prevent further damage

All "external" ports for Cyberpanel + Webadmin + SSH are port forwarded to port 80 as I use local only so maybe my PC is hacked. This is exciting haha :cold_sweat:

usmannasir

Can you create a ticket and share ticket ID here.

LPackman

Sorry for any delay had to take some measures here before proceeding.

Ticket #P9RRN3KXM

usmannasir

Looks like replied already.