Try to hack and cron stop every night

Hello,

I'm getting this error messages every night at 1:00 AM:

2025-09-03 01:00:03.408 ===== TRACE ===== Logfile->purge() : Technical trace to keep current log file
2025-09-03 01:00:04.006 ***** ERROR ***** [V12.2.2] HACK ================================================================
2025-09-03 01:00:04.006 ***** ERROR ***** [V12.2.2] Try to hack detected
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  Source Code = checkDisplayMenuForUser() Reject for menu 'Admin'
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  QUERY_STRING =  csrfToken=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&directAccessIndex=
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  REMOTE_ADDR = XX.XX.XX.XX
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  SCRIPT_FILENAME = /var/www/projeqtor/tool/cronRelaunch.php
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  CONNECTED USER = # -
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]     Last connection =
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]        Last access =
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]        Disconnection =
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  === Trace Stack for last error ===
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/tool/projeqtor.php at line 1734 calling debugPrintTraceStack()
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/model/Security.php at line 460 calling traceHack()
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/tool/adminFunctionalities.php at line 28 calling Security:checkDisplayMenuForUser()
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/tool/cronExecutionStandard.php at line 359 calling require_once()
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/model/Cron.php at line 610 calling cronRunConsistencyCheck()
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/model/Cron.php at line 449 calling Cron:run()
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/tool/cronRelaunch.php at line 30 calling Cron:relaunch()
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  ===
2025-09-03 01:00:04.007 ***** ERROR ***** [V12.2.2]  REQUEST_URI = /tool/cronRelaunch.php?csrfToken=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&directAccessIndex=
2025-09-03 01:00:04.524 ***** ERROR ***** [V12.2.2] CRON abnormally stopped
2025-09-03 01:00:04.524 ***** ERROR ***** [V12.2.2]  === Trace Stack for last error ===
2025-09-03 01:00:04.524 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/model/Cron.php at line 324 calling debugPrintTraceStack()
2025-09-03 01:00:04.525 ***** ERROR ***** [V12.2.2]  => /var/www/projeqtor/tool/cronRelaunch.php at line 28 calling Cron:abort()
2025-09-03 01:00:04.525 ***** ERROR ***** [V12.2.2]  => calling cronAbort()
2025-09-03 01:00:04.525 ***** ERROR ***** [V12.2.2]  ===

The "Try to hack" is a false positive. I've checked and there is no traffic between the server and the REMOTET_ADDR or any other IP address.The REMOTE_ADDR is the IP of the last disconnected user (either by automatic or manual disconnection). I'm certain this user is disconnected, their computer is off, and DHCP has not assigned the address to another device.

The problem started a long time ago (a year or so?) and I can't say which version it began on.

Any advice on where to look to solve this problem would be greatly appreciated.
Thank you in advance for your help.

Best regards,
Lionel

Hi,

Thanks for your quick response.

I've checked the configuration based on your feedback. The only change I made was renaming the user from "Admin" to "Admin_XXXX" but keeping the ID #1.

The user with ID #1 was never deleted. It still has the "Administrator" profile and access to the "Administration" screen.

Since your last message, I've even changed the user's name back to "Admin", but the "Try to hack" error persists and the cron job still stops abnormally.

Thank you again for your help.