Big issue with my DirectAdmin portal

[HamDz]

Hello,

I'm facing a big issue with my DirectAdmin portal.


Unfermently as I see it was affected by an unknown third party.
So, please let me know is there any way to recover it.

when I try to access I get the following message error:

This site can’t be reached

The host refused to connect

ERR_CONNECTION_REFUSED


Thank you.​

 

[Richard G]

See if you still can login via SSH to your server. If yes, you have to check if DA is still running and check logfiles about what's going on.

 

[HamDz]

Yes, of courrse.
Output of service directadmin status


service directadmin status
Redirecting to /bin/systemctl status directadmin.service
● directadmin.service - DirectAdmin Web Control Panel
Loaded: loaded (/etc/systemd/system/directadmin.service; enabled; vendor pre>
Active: active (running) since Wed 2021-09-08 10:20:22 UTC; 3h 24min ago
Docs: http://www.directadmin.com
Process: 1746110 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SU>
Main PID: 1748389 (directadmin)
Tasks: 32 (limit: 202276)
Memory: 71.0M
CGroup: /system.slice/directadmin.service
├─1748389 /usr/local/directadmin/directadmin
├─1748395 /usr/local/directadmin/directadmin
├─1748409 /usr/local/directadmin/directadmin
├─1748410 /usr/local/directadmin/directadmin
├─1748411 /usr/local/directadmin/directadmin
├─1748412 /usr/local/directadmin/directadmin
├─1748413 /usr/local/directadmin/directadmin
├─1748414 /usr/local/directadmin/directadmin
├─1748415 /usr/local/directadmin/directadmin
├─1748416 /usr/local/directadmin/directadmin
├─1756926 /usr/local/directadmin/directadmin
└─1756927 /usr/local/directadmin/directadmin

error.log file output



2021:09:07-15:03:30: Socket write error: fd is connected to a pipe or socket whose reading end is closed. When this happens the writing process will also receive a SIG_PIPE signal. (Thus, the write return value is seen only if the program catches, blocks or ignores this signal.)
2021:09:07-15:03:30: Send:sendData(/admin/modsecurity): attempted to send 1688 bytes, but only 0 were delivered
2021:09:07-15:04:58: Socket write error: fd is connected to a pipe or socket whose reading end is closed. When this happens the writing process will also receive a SIG_PIPE signal. (Thus, the write return value is seen only if the program catches, blocks or ignores this signal.)

 

[Richard G]

Is that on every machine? Did you try from another location? If you want you can send me a pm with the domain name then I have a try from here. I don't need login credentials for just to see if DA login appears.
Also check your firewall if ports are open.
Check in /usr/local/directadmin/conf in the directadmin.conf file if there is no "port=xxx" statement which uses another port than 2222.

Test with telnet if you can connect locally to port 2222:
Use the command telnet localhost 2222 and then you should get this output:

[root@server: ~]# telnet localhost 2222
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Unfermently as I see it was affected by an unknown third party.

What do you mean with this exactly?

 

[HamDz]

Unfortunately, Your answer is too late..
Please close this discussion ASAP...
I wish you the best.........
Kind regards...........

 

[Richard G]

I can't close anything. Why too late, is it fixed? You did a new install?

All the best to you too.

 

[HamDz]

Thank you, I appreciate it.