EV=/root/ir-evidencia-$(date +%Y%m%d-%H%M) mkdir -p "$EV/cleanup-apache" chmod 700 "$EV" # 1. Backup configs Apache antes de tocar cp -a /etc/apache2/conf/httpd.conf "$EV/cleanup-apache/httpd.conf.bak" cp -ar /var/cpanel/userdata "$EV/cleanup-apache/userdata.bak" # 2. Eliminar TODO rastro de las 3 cuentas falsas en Apache + cPanel for u in root1 sptadm rese1289977; do echo "=== procesando $u ===" # cPanel userdata (esto es lo que genera los VHosts en httpd.conf) rm -rf /var/cpanel/userdata/$u 2>/dev/null rm -f /var/cpanel/users/$u 2>/dev/null # PHP-FPM pool rm -f /var/cpanel/php-fpm.d/${u}.conf 2>/dev/null # Home (si quedó) rm -rf /home/$u 2>/dev/null # Imunify rm -rf /etc/imunify360/user_config/$u 2>/dev/null # Cron rm -f /var/spool/cron/$u /var/spool/cron/crontabs/$u 2>/dev/null # Domain registry files sed -i "/^${u}$/d" /etc/userdomains 2>/dev/null sed -i "/${u}\.internal/d" /etc/userdomains 2>/dev/null sed -i "/: ${u}$/d" /etc/userdomains 2>/dev/null sed -i "/${u}\.internal: ${u}/d" /etc/userdomains 2>/dev/null sed -i "/^${u}\.internal:/d" /etc/trueuserdomains 2>/dev/null sed -i "/^${u}:/d" /etc/trueuserowners 2>/dev/null sed -i "/${u}/d" /etc/domainusers 2>/dev/null # DNS zone files rm -f /var/named/${u}.internal.db 2>/dev/null rm -f /var/named/${u}.* 2>/dev/null # Imunify reseller config (si existe) rm -rf /var/cpanel/resellers.cache/${u} 2>/dev/null done # 3. Reconstruir userdomains y configs cPanel /scripts/updateuserdomains /scripts/rebuild_phpconf 2>/dev/null # 4. CRÍTICO — regenerar httpd.conf desde userdata limpio /scripts/rebuildhttpdconf # 5. Para equitysbc — verificar el problema separado if [ ! -d /home/equitysbc/public_html ]; then echo "=== equitysbc no tiene public_html ===" ls -la /home/equitysbc/ 2>/dev/null cat /var/cpanel/users/equitysbc 2>/dev/null | head -5 fi # 6. Test de config Apache antes de arrancar /usr/local/apache/bin/apachectl configtest 2>&1 | head -20 # 7. Si configtest pasa OK, arrancar systemctl reset-failed httpd systemctl start httpd sleep 3 systemctl status httpd --no-pager | head -15 ss -tnlp | grep ":80 "