Ok, after analizing the temp_hacker_check we discover this script is trying to prevent SOMEONE to get into the servers using cwpro.
It seems a Dev Team person went Rogue and this script is preventing and erasing posible ssh keys, db access and all that kind of stuff that a hacker will use to get into the servers using this soft.
So there is a person hacking all the CWPRO servers using a Gsocket Backdoor and the hacker key begins with IPCsi58x.... and using mysql users also, there is a bug operator=/root erasing all keys.
This is hapenning in ALL the servers using this panel. and you can see if you look closely there is in your hosts a 127.0.0.1 gsocket.io and cloudsyndication.org. Blocks by this scripts to keep hackers outside.
So i will love and explanation from someone from cwpro, to come clean about this... We love this panel and we dont gonna change, but we can help you.