DocumentRoot and SecureDocumentRoot are changing unexpectingly

[nima]

I have a `CentOS` server with the latest `DirectAdmin`. today my only site on the server shows the message of "account suspension" but nothing on the panel shows that it has any kind of suspension.

In the searches I found out that on the file

/usr/local/directadmin/data/users/<username>/domains/domain.com.conf

the value of the parameters `DocumentRoot` and `SecureDocumentRoot` is on

/home/admin/domains/suspended

instead of

/home/admin/domains/domain/public_html

The question is if this has to do any thing from `DirectAdmin` or my server has been hacked? because today is the second time I am fixing this problem.

 

[SeLLeRoNe]

Check if the domain is suspended and not the user!

Is very unluckley that your server has been hacked, if it was, was way worse than this

Regards

 

[zEitEr]

Hello,

If it was Directadmin to suspend a domain or an user you would had a notice in ticket system in Directadmin. Check them to see possible reasons, in most cases it would mean that user reached and overcome a bandwidth limit.