A few days ago, cPanel started sending out security alerts, informing users that opened a ticket in the last 6 months that one of the servers utilized by the company’s technical support department was hacked.
“While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys,” the notifications read.
“If you are using an unprivileged account with ‘sudo’ or ‘su’ for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.”
The incident is being investigated, but customers are asked to “take immediate action on their own servers.”
According to experts from Sucuri, there might be a link between this incident and the root-level exploit in RedHat/CentOS servers.