Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Cpanel security help needed!

Discussion in 'Security' started by micetrap, May 4, 2006.

  1. micetrap

    micetrap Member

    Joined:
    Sep 4, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    I think I have a problem with my server's cpanel security. Yesterday afternoon, I started receiving email requests to change cpanel passwords for two accounts. I was alarmed because these 2 accounts were backed up on this server, but the domains were not active. I received about 6 or 7 password requests, but deleted them when they arrived. A few hours later, my server was frozen. It wouldn't respond to anything, SSH, FTP or Apache. I had the center reboot the server and everything has been functioning fine. I am worried because I logged into one of my cpanel accounts and it shows the last login as being from an IP in Malaysia. I changed the passwords and made sure all of my software was updated. Today, I logged in although at first, it showed my IP, I logged in a few hours last and it shows the last login as coming from an IP in Plano, Texas. This is after I changed all of the passwords.

    Is there anything that could cause another IP to show where the last login IP would be shown? Are there any known exploits right now? I am very concerned with the security of this machine and any help will be very, very much appreciated!
     
    #1 micetrap, May 4, 2006
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Successful logins will show up in /usr/local/cpanel/logs/access_log

    If you're finding IP addresses in there that should not be there, then you most likely have people logging into your accounts that shouldn't be and may need to have a security audit done on your server.

    Another check you could try is to look for odd shell access with:

    last -da | grep pts

    Any suspicious IP addresses there would also indicate a serious compromise on the server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 chirpy, May 4, 2006
  3. micetrap

    micetrap Member

    Joined:
    Sep 4, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    IPs

    last -da | grep pts shows only me and my friend's IPs.
     
    #3 micetrap, May 4, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Cpanel security help
  1. Shipon

    cPanel security

    Shipon, Nov 20, 2018, in forum: Security
    Replies:
    1
    Views:
    99
    cPanelMichael
    Nov 21, 2018
  2. Nirjonadda

    In Progress [CPANEL-23606] cPanel Security Advisor missing kernel information when kernelcare is installed

    Nirjonadda, Oct 19, 2018, in forum: General Discussion
    Replies:
    10
    Views:
    199
    cPanelLauren
    Oct 24, 2018
  3. ottdev

    cPanel's implementation of Mod_Security

    ottdev, Aug 8, 2018, in forum: Security
    Replies:
    2
    Views:
    266
    cPanelLauren
    Aug 10, 2018
  4. EternalGlory

    cPanel + reverse proxy = invalid security token

    EternalGlory, Jul 21, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    245
    cPanelMichael
    Jul 23, 2018
  5. mayadesigns

    Mod Security cPanel Feature Missing

    mayadesigns, May 22, 2018, in forum: EasyApache
    Replies:
    5
    Views:
    337
    cPanelMichael
    May 31, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice