The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to find out which IP changed the root password

Discussion in 'General Discussion' started by Neutrall, May 12, 2016.

  1. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Hi,

    I'm currently trying find out which IP change the root password in a cPanel server.

    I'm trying to browse in the /usr/local/cpanel/logs/access_log file without success.

    Is there a quick method for finding which IP change the root password?
     
  2. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Update,


    I've found that in the file /var/log/secure I can see password changed my from ssh command, but I can't see the root password changed made from inside cPanel. (Which is what I need to find out...)
     
  3. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    322
    Likes Received:
    24
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Please try to find logs in the /var/log/secure file.

    You can use the command

    Code:
    grep passwd /var/log/secure
    
    Also, check in the cpanel access logs using bellow command.

    grep chrootpass /usr/local/cpanel/logs/access_log |grep POST
     
    Neutrall likes this.
  4. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Thank you,

    I was missing the keyword "chrootpass" to make my life easier!
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,707
    Likes Received:
    658
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page