I think I have a problem with my server's cPanel security. Yesterday afternoon, I started receiving email requests to change cPanel passwords for two accounts. I was alarmed because these 2 accounts were backed up on this server, but the domains were not active. I received about 6 or 7 password requests, but deleted them when they arrived. A few hours later, my server was frozen. It wouldn't respond to anything: SSH, FTP or Apache. I had the center reboot the server and everything has been functioning fine. I am worried because I logged into one of my cPanel accounts and it shows the last login as being from an IP in Malaysia. I changed the passwords and made sure all of my software was updated. Today, I logged in, and although at first it showed my IP, I logged in a few hours later and it shows the last login as coming from an IP in Plano, Texas. This is after I changed all of the passwords.
Is there anything that could cause another IP to show where the last login IP would be shown? Are there any known exploits right now? I am very concerned with the security of this machine and any help will be very, very much appreciated!