cPanel forwarder hack

lxxd

Hi,

One of our clients had their email forwarder edited to add another email address. There is nothing in the logs which suggests a forwarder addition. Has anyone experienced similar issues with cPanel?
 

apscinsspl

Hello,

No such hack has been reported yet, but I think his cPanel password may have been hacked from his end, and someone is just trying to spy on his mail and hence did this.
 

rhenderson

Hi,

One of our clients had their email forwarder edited to add another email address. There is nothing in the logs which suggests a forwarder addition. Has anyone experienced similar issues with cPanel?
This could easily be done via root with a direct shell edit of the /etc/valiases/domain.com file, which would not be logged, or with a mail manage program like ConfigServer, and I do not think it would be logged. The code could have even been echoed to the /etc/valiases
 

thewebhosting

If you have root access to the server, then check the cPanel access logs to make sure there is no access from any IP address other than yours.

You can check the cPanel access logs at /usr/local/Cpanel/access_log
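
Since the thread notes that a direct edit of the /etc/valiases/domain.com file leaves no log entry, one way to catch such a change is to compare the file against a known-good snapshot. This is an added example, not part of any post above; the `alias: destination, destination` line format, the function names and the example.com sample data are assumptions.

```python
"""Compare a known-good snapshot of a valiases file with its current contents."""


def parse_valiases(text):
    """Return {alias: set(destinations)} from valiases-style text (assumed format)."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        alias, _, rhs = line.partition(":")
        rhs = rhs.strip()
        # Directives such as ":fail: message" or ":blackhole:" are one target.
        if rhs.startswith(":"):
            targets = {rhs}
        else:
            targets = {t.strip() for t in rhs.split(",") if t.strip()}
        aliases.setdefault(alias.strip().lower(), set()).update(targets)
    return aliases


def added_destinations(baseline_text, current_text, domain):
    """List (alias, destination, is_external) for targets absent from the baseline."""
    old, new = parse_valiases(baseline_text), parse_valiases(current_text)
    findings = []
    for alias in sorted(new):
        for dest in sorted(new[alias] - old.get(alias, set())):
            # A mail address outside the account's own domain is the case to review first.
            external = "@" in dest and not dest.lower().endswith("@" + domain.lower())
            findings.append((alias, dest, external))
    return findings


# Constructed sample data: example.com stands in for the client's domain.
BASELINE = """\
sales@example.com: alice@example.com
*: :fail: No Such User Here
"""
CURRENT = """\
sales@example.com: alice@example.com, copy@mailbox.example.net
*: :fail: No Such User Here
"""

if __name__ == "__main__":
    for alias, dest, external in added_destinations(BASELINE, CURRENT, "example.com"):
        note = "external" if external else "local"
        print(f"{alias}: new destination {dest} ({note})")
```

Keep the baseline copy somewhere the web-facing account cannot write to, so that a compromised login cannot update both files.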