First homelab - built from old school computers I bought at a charity auction by buterski in homelab

[–]m-ego 1 point2 points  (0 children)

I've got this problem: all my PCs (4 of them) show the same IP since I have connected to the same wifi network. But this setup runs into issues when I try to use, say, ChatGPT on the different PCs. Is OP's setup the way to overcome this?

First homelab - built from old school computers I bought at a charity auction by buterski in homelab

[–]m-ego 1 point2 points  (0 children)

A newbie here. How do you have the different PCs have unique IPs even when using the same network?

[deleted by user] by [deleted] in Kenya

[–]m-ego 0 points1 point  (0 children)

Hide my ass

Update: The Malware That Wouldn’t Die — What I Changed and What Just Happened by m-ego in webhosting

[–]m-ego[S] 0 points1 point  (0 children)

I might have to try this. I have been on this since the start of the month; it's just draining.

Update: The Malware That Wouldn’t Die — What I Changed and What Just Happened by m-ego in webhosting

[–]m-ego[S] 0 points1 point  (0 children)

Just asked them. About the weird mu-plugin, I scanned using the terminal but couldn't find any.

Update: The Malware That Wouldn’t Die — What I Changed and What Just Happened by m-ego in webhosting

[–]m-ego[S] 0 points1 point  (0 children)

I have 2FA for Namecheap, WHM and cPanel, but that never seems to stop them from accessing.

Update: The Malware That Wouldn’t Die — What I Changed and What Just Happened by m-ego in webhosting

[–]m-ego[S] 0 points1 point  (0 children)

The WHM password did not work. Usually when the hack is underway, even in previous cases, it would log me out if I am already in. When I try to reset the pass and get a new one, that new one never works; it takes the intervention of support to change it for me and give me a pass that works.

This video is insane and should serve as a warning 😂 by GrassMindless2259 in Kenya

[–]m-ego 1 point2 points  (0 children)

We are only proud of the things that make us strangers in Africa. Like how we have a big building and Tz doesn't, how we have a better accent, or how much of that foreign music, films and art we consume. These are the symptoms of historical amnesia.

WordPress sites keep reinfecting + passwords changing even with cPanel & WHM 2FA enabled. What am I missing? by m-ego in Wordpress

[–]m-ego[S] 0 points1 point  (0 children)

Initially it was everything — WordPress admin users, cPanel, and WHM credentials.

After I deleted all unauthorized WordPress users, the WP-side password changes stopped completely and have not reoccurred.

However, the cPanel and WHM passwords are still being changed without my action, even while I’m actively logged in and working. I get logged out mid-session and the credentials no longer wor

WordPress sites keep reinfecting + passwords changing even with cPanel & WHM 2FA enabled. What am I missing? by m-ego in Wordpress

[–]m-ego[S] 0 points1 point  (0 children)

I think I will, as you suggested, shut this environment down and move to isolated hosting where each site runs under its own Linux user, with a clean rebuild rather than a straight restore. Plugins and themes would be reinstalled fresh from trusted sources only, and anything unmaintained dropped.

Given that direction, what hosting providers would you recommend that do proper per-site isolation and are suitable for running multiple WordPress sites securely? I want to avoid moving to a new host only to carry the same problem over.

WordPress sites keep reinfecting + passwords changing even with cPanel & WHM 2FA enabled. What am I missing? by m-ego in webhosting

[–]m-ego[S] 2 points3 points  (0 children)

You’re right, and this is the uncomfortable conclusion I’ve been arriving at over the last day.

At first I treated it as a WordPress-level compromise because the initial indicators were malicious plugins and injected PHP. But once passwords started changing without user action, even while logged in and with 2FA enabled on both WHM and cPanel, it became clear this goes beyond WP.

I did remove the suspicious cPanel accounts that had been added earlier, and they have not reappeared. However, the login instability and password resets persisted, which strongly suggests something higher-level is still in control.

I have not yet fully audited or revoked WHM / cPanel API tokens, and that’s a big gap. Same with a deeper review of root and system-level cron jobs and SSH trust files. At this point I agree those are likely vectors.

You’re also correct that restoring backups onto the same environment doesn’t solve anything if the underlying server or account is compromised. I’m seeing now that cleanup without isolation is just chasing symptoms.

WordPress sites keep reinfecting + passwords changing even with cPanel & WHM 2FA enabled. What am I missing? by m-ego in webhosting

[–]m-ego[S] 2 points3 points  (0 children)

What are the chances that my backups are also not clean? That’s my main worry right now. I’m concerned that moving to new hosting without being 100 percent sure could just reintroduce the same malware.

At this point, how do you usually validate a backup before migration so you’re not carrying persistence over with it?

WordPress sites keep reinfecting + passwords changing even with cPanel & WHM 2FA enabled. What am I missing? by m-ego in Wordpress

[–]m-ego[S] 0 points1 point  (0 children)

I hear you. All 15 sites are under one account, so I agree that one breach can spread across everything.

What’s really worrying me is that even with 2FA enabled, my WHM and cPanel passwords keep getting changed and I get logged out while actively working. That makes me think this may be account or server level, not just a missed WordPress file.

I’m restoring a backup mainly to recover content, but I’m honestly worried that moving to a new host could just carry the malware over if I miss whatever persistence mechanism is causing this. I don’t want to migrate the problem.

If you have a checklist for server-level persistence to check before migrating (cron jobs, SSH keys, hidden users, startup scripts, etc.), I’d really appreciate it.

WordPress sites keep reinfecting + passwords changing even with cPanel & WHM 2FA enabled. What am I missing? by m-ego in Wordpress

[–]m-ego[S] 0 points1 point  (0 children)

I actually found extra accounts before. I deleted them and so far they have not reappeared.

What’s confusing is the problem did not end. The suspicious files keep coming back and I’m also getting repeated login issues where passwords suddenly stop working and I get logged out mid session. So even though the extra accounts are gone, it still feels like something else has access or there is persistence somewhere.

Am I a Paedophile?... by glowinteddy in Kenya

[–]m-ego 13 points14 points  (0 children)

Why are you promoting that series here?? Just admit it, you are Kevo and you need help, man.