Accounts Accessed by Unknown IP Address Issue

abnet

Member
Feb 27, 2011
So I just found that a server seems to have been compromised. Still looking into what/how.

I've found the same foreign IP in the /home/account/.lastlogin of a couple accounts. I searched through access_logs and found the same IP had logged into all accounts all 2 seconds apart... like every two seconds logged into a different account.

How is this possible? Has to be automated... but how without Root?

Now, I'm not 100% that Root has been compromised yet... any suggestions on finding out? Can this automated login even be possible without Root?
 

abnet

Member
Feb 27, 2011
cPanel... you take time to change my thread title, but not provide any kind of response?

How could dozens of accounts be logged into programmatically and not see a Root login in logs????
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
Houston
Hi @abnet

While this isn't necessarily something that cPanel will be able to assist with, in an effort to provide some direction and assistance, please feel free to open a ticket using the link in my signature. Once open, please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!