Categories
Posts in Infrastructure
Servers, control panels, OS-level networking, and storage.
- 15 min read
86 CPU spikes in 24 hours: a multi-cause cascade postmortem
A cPanel server fired 86 ChkServd CPU alerts in one day. Four root causes were amplifying each other. The triage, the order of fixes, and the lessons.
- 6 min read
When you have to suspend a WooCommerce client: anatomy
A WooCommerce client burned 40-60% CPU on a shared cPanel box for 48 hours, unreachable. The decision tree, the suspension, and the conversation after.
- 14 min read
Patchman activation breaks PHP sites: memory_limit gotcha
Patchman daily scans on cPanel push large WordPress sites past the PHP memory_limit and trigger 500s. Diagnostic flow, two-part fix, pre-activation audit.
- 8 min read
The corrupted WordPress db.php dropin nobody warned you of
WordPress says the DB connection is down but MySQL is fine, and only one site is affected. The cause is almost always a broken db.php dropin in wp-content.
- 14 min read
Locked out of cPanel SSH: VNC, iptables, and the way back in
How to recover from a cPanel SSH lockout using your provider's VNC console, iptables flush, and CSF restore, plus the audit that prevents the next one.
- 6 min read
When the client changes DNS without telling you first
Mail dies, AutoSSL stops renewing, the homepage shows a registrar parking page. A short field guide to diagnosing and fixing a silent DNS handover.
- 13 min read
AutoSSL fails on Microsoft 365 autodiscover subdomains: the fix
Why cPanel AutoSSL emails nightly that autodiscover.client failed HTTP-01 when the client uses Microsoft 365, and the two-step WHM exclusion fix.
- 12 min read
cPanel disk full at 96 percent: the backup retention trap
A postmortem on a cPanel /home at 96 percent, why 7 backup sets ate 331GB, the safe-deletion order, and the WHM retention that stops the cascade.
- 14 min read
xmlrpc.php abuse and the 27-site one-shot fix on cPanel
A postmortem on 5,400 xmlrpc.php requests an hour from one /24, why per-site plugin fixes fail, and the shell loop that hardened 27 WordPress sites at once.
- 13 min read
SSH brute force on cPanel: the 8,127-attempt night and the fix
A postmortem on 8,127 failed SSH logins to a cPanel server in six hours from rotating /24s, why lfd alone could not see the pattern, and the layered fix.
- 15 min read
WooCommerce filter URLs are a crawler trap: the fix
A 2026 postmortem on WooCommerce filter URLs as a crawler trap: 41,000 unique URLs/hour from Facebook and MJ12bot, the diagnostic, and a three-layer fix.
- 17 min read
WordPress WP-Cron stacking on cPanel: a complete fix
A 2026 postmortem on WordPress WP-Cron stacking on cPanel: 41 concurrent PHP-FPM children, the HTTP loopback that doubles load, and the three-layer fix.
- 14 min read
CSF, lfd, and Imunify360: why your firewall is killing itself
A 2026 postmortem on cPanel servers running CSF and Imunify360 in parallel: lfd OOM kills, csf.deny bloat, iptables races, and the fix we ship.
- 2 min read
Imunify360 custom SSH port: stop blocking your admins
Tell Imunify360 about your non-22 SSH port so its brute-force protection stops blocking legitimate admin connections, with a verification command.
- 3 min read
ChkServd alert field guide: reading cPanel service alerts
Decode the chkservd alert subject lines and bodies cPanel sends when a service flaps, with notes on common false positives and how to tune sensitivity.