Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Acccounts Accessed by Unknown IP Address Issue

Discussion in 'Security' started by abnet, Mar 20, 2019.

  1. abnet

    abnet Member

    Joined:
    Feb 27, 2011
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    51
    So I just found that a server seems to have been compromised. Still looking into what/how.

    I've found the same foreign IP in the /home/account/.lastlogin of a couple accounts. I searched through access_logs and found the same IP had logged into all accounts all 2 seconds apart... like every two seconds logged into a different account.

    How is this possible? Has to be automated... but how without Root?

    Now, I'm not 100% that Root has been compromised yet... any suggestions on finding out? Can this automated login even be possible without Root?
     
  2. abnet

    abnet Member

    Joined:
    Feb 27, 2011
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    51
    cPanel... you take time to change my thread title, but not provide any kind of response?

    How could dozens of accounts be logged into programmatically and not see a Root login in logs????
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,826
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I can't answer that for you. But I did change the title to better reflect the issue you're faced with.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,791
    Likes Received:
    442
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @abnet

    While this isn't necessarily something that cPanel will be able to assist with, in an effort to provide some direction and assistance please feel free to open a ticket using the link in my signature. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...
Similar Threads - Acccounts Accessed Unknown
  1. Mister9
    Replies:
    8
    Views:
    1,335

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice