Updating Virtualmin or renewing licence broke server

I do not know how to solve this problem:
Two things happened and I do not know how to check which one broke Virtualmin Pro.
1) I paid for the renewal of the Virtualmin Pro licence, which had been expired for 4 days.
2) I updated the Virtualmin and Webmin packages
on the same day.
After that I am unable to access the web interface or log in remotely as root.
I can only access via FTP (no SSH), only in normal mode, with a secondary admin user that has no privileges to access root folders.
I get user and password refused if I try to access as root.
Now it's a big problem because I do not know other ways to access the server ...
Some days ago I provided Virtualmin staff with support access to enter the server, but I am not able to retrieve data because the only thing I see is a web page with just
System Information and Logout links ...



A Virtualmin upgrade or licence renewal won't break SSH logins ..

What is your system's IP address? I can check if we can still SSH to it ... the cause may be that the root password was changed.

Is your SSH server running on the standard port, or a custom port?

Except for Virtualmin, which listens on 10001, I have left everything as default.

From what I can see, your SSH server isn't running at all.

Do you have console access to the system to reboot it or restart the SSH server?

I operate remotely.
I use the web interface, PuTTY or FileZilla.
Is there another way to access the server? Can I tell the webfarm provider staff to restart the server?

I'd suggest asking your web host or ISP to reboot the system.

Rebooted the server, but the situation is the same as above.

Can you ask your ISP to log in to the system at the console, reset the root password and start the SSH server?

The ISP provided me a KVM switch to connect directly to the server. I can provide you the IP address, user and password. I am not so skilled in server admin (I bought Virtualmin Pro to help me do automatic and safe routines when I build a new website and services). For example, I do not know the commands to reset the root password and to start the SSH server ... :(

I was able to change the root password by restarting in single mode. Anyway, there is a problem that maybe messed up everything after the update: there are several lines with a "segmentation fault" error. In the CentOS forum it's attributed to 3rd-party software that messes up CentOS original files ... (?) Do you have any ideas? Virtualmin always went so smoothly for me until the last release ...

Where are you seeing the segmentation fault errors -- is there a particular logfile you're looking at? Can you paste a few of the messages in?

Sometimes, they include additional information that makes it possible to know what's causing the problem.

Also, what do you see if you type "ls /etc/yum.repos.d"?

Rebooting the server with the KVM active, I saw a lot of "Segmentation Fault" messages when the computer tries to kill processes to restart. It gets stuck at "sending terminal process" at Usermin (I do not remember the exact words).

ls /etc/yum.repos.d
CentOS-Base.repo   virtualmin-bleed.repo  virtualmin.repo.rpmnew
CentOS-Media.repo  virtualmin.repo

I have restarted the server now, but the last kernel update wasn't installed properly; in fact, if I try to use it I get errors like bad image etc. (I also had segmentation fault errors while updating.)

Now the good news is that SSH is working, but I found that the default port (22) was changed to 6969 (???). The bad news is that I am having a terrible headache because this is going too far beyond what I can handle. The PROFTP server is not working. You can connect using the last account I generated for staff, using SSH on port 6969. I am leaving everything unchanged until you help me understand what's going on ...

It looks to me like your system was hacked somehow, and the attackers changed the root password, SSH port and other things :-(

If you have backups of your Virtualmin domains, I would suggest wiping the system, re-installing the OS, re-installing Virtualmin and then restoring the backups. It's the only way to be sure..

This is the 2nd time in 3 months it's been hacked ... I can wipe and restore it like I did before, but I would like to know how they hacked the system. I thought Linux/Virtualmin was strong enough. I am the only admin. How did they hack the root password and mess up the server? I am scared now that the backup can hold something hacked and the story will be the same even if I clean the system again ... Everything on the server was default and scripts were always up to date. The only "strange" thing I did was to install the Bleeding Repo to be able to use the latest PHP 5 and MySQL. The only scripts I use are Drupal and Invision Power Board. What should I check before wiping everything?

Found a virus hidden on the server.
The names are:
/usr/local/games/.s/pscan2 - una variante di Linux/RST.B virus
/usr/local/games/.s/ss - una variante di Linux/RST.B virus
/usr/local/games/.s/ssh-scan - una variante di Linux/RST.B virus

It is hard to say how the hack happened without seeing the logs .. but in my experience, almost all attacks come through weaknesses in PHP scripts that allow remote command execution or SQL injection. Make sure you always run the latest versions of Drupal and your other scripts .. and be careful of those that are not as well supported, as they are more likely to have bugs. For example, I haven't heard of "Invision Power Board" before..
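
A read-only triage sketch for the indicators reported in this thread (SSH moved off port 22, executables in a hidden directory under /usr/local, system binaries segfaulting after the update), added here as an example and not posted by any participant. The function names and the list of scanned directories are assumptions; the argument is the root of the filesystem to inspect, for example the disk mounted from rescue media.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT ($1) is the filesystem root to
# inspect: empty for the live system, or a mount point such as a rescue mount.

# Print every "Port" value in sshd_config that is not 22
# (keywords are case-insensitive; commented-out lines are skipped).
nondefault_ssh_ports() {
    root=${1:-}
    awk 'tolower($1) == "port" && $2 != "22" { print $2 }' \
        "$root/etc/ssh/sshd_config" 2>/dev/null
}

# List owner-executable files that sit inside hidden (dot) directories under
# trees where packages do not normally create them (assumed list).
hidden_dir_executables() {
    root=${1:-}
    for base in usr/local tmp var/tmp dev/shm; do
        [ -d "$root/$base" ] || continue
        # cd first so a dot directory in ROOT itself cannot cause a match.
        (cd "$root/$base" && find . -type f -perm -100 -path '*/.*/*') |
            sed "s|^\.|/$base|"
    done
}

# Packaged files whose digest no longer matches the RPM database, config
# files excluded. Only meaningful when rpm itself is trusted (rescue media).
changed_package_files() {
    command -v rpm >/dev/null 2>&1 || return 0
    rpm -Va --root "${1:-/}" 2>/dev/null |
        awk '$1 ~ /^..5/ && $2 != "c" { print $NF }'
}

# Run all three checks only when a root is given: sh triage.sh /mnt/sysimage
if [ $# -gt 0 ]; then
    echo "== sshd ports other than 22 ==";        nondefault_ssh_ports "$1"
    echo "== executables in hidden directories =="; hidden_dir_executables "$1"
    echo "== packaged files with changed digest =="; changed_package_files "$1"
fi
```

Paths are printed relative to the inspected root, so the output can be saved alongside the logs before the system is wiped and reinstalled.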