The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpanel security help needed!

Discussion in 'Security' started by micetrap, May 4, 2006.

  1. micetrap

    micetrap Member

    Joined:
    Sep 4, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    I think I have a problem with my server's cpanel security. Yesterday afternoon, I started receiving email requests to change cpanel passwords for two accounts. I was alarmed because these 2 accounts were backed up on this server, but the domains were not active. I received about 6 or 7 password requests, but deleted them when they arrived. A few hours later, my server was frozen. It wouldn't respond to anything, SSH, FTP or Apache. I had the center reboot the server and everything has been functioning fine. I am worried because I logged into one of my cpanel accounts and it shows the last login as being from an IP in Malaysia. I changed the passwords and made sure all of my software was updated. Today, I logged in although at first, it showed my IP, I logged in a few hours last and it shows the last login as coming from an IP in Plano, Texas. This is after I changed all of the passwords.

    Is there anything that could cause another IP to show where the last login IP would be shown? Are there any known exploits right now? I am very concerned with the security of this machine and any help will be very, very much appreciated!
     
    #1 micetrap, May 4, 2006
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Successful logins will show up in /usr/local/cpanel/logs/access_log

    If you're finding IP addresses in there that should not be there, then you most likely have people logging into your accounts that shouldn't be and may need to have a security audit done on your server.

    Another check you could try is to look for odd shell access with:

    last -da | grep pts

    Any suspicious IP addresses there would also indicate a serious compromise on the server.
     
    #2 chirpy, May 4, 2006
  3. micetrap

    micetrap Member

    Joined:
    Sep 4, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    IPs

    last -da | grep pts shows only me and my friend's IPs.
     
    #3 micetrap, May 4, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Cpanel security help
  1. jndawson

    SOLVED Mod Security rule changes in cPanel 64

    jndawson, Mar 29, 2017, in forum: General Discussion
    Replies:
    4
    Views:
    249
    cPanelMichael
    Mar 30, 2017
  2. Boris Horvat

    cPanel Security Advisor Issue

    Boris Horvat, Mar 1, 2017, in forum: Security
    Replies:
    22
    Views:
    825
    cPanelMichael
    Apr 25, 2017
  3. ksgalicia

    SOLVED cPanel Security Advisor & EA4

    ksgalicia, Jan 7, 2017, in forum: DiscusiĆ³n en EspaƱol
    Replies:
    13
    Views:
    548
    cPanelMichael
    Jan 26, 2017
  4. EneTar

    Horde with cPanel session security tokens

    EneTar, Dec 12, 2016, in forum: E-mail Discussions
    Replies:
    2
    Views:
    381
    EneTar
    Dec 12, 2016
  5. bouvrie

    cPanel Server Security & Management Best Practices?

    bouvrie, Dec 2, 2016, in forum: Security
    Replies:
    1
    Views:
    392
    cPanelMichael
    Dec 2, 2016

Share This Page