Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to find out which IP changed the root password

Discussion in 'General Discussion' started by Neutrall, May 12, 2016.

  1. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    24
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    DataCenter Provider
    Hi,

    I'm currently trying find out which IP change the root password in a cPanel server.

    I'm trying to browse in the /usr/local/cpanel/logs/access_log file without success.

    Is there a quick method for finding which IP change the root password?
     
  2. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    24
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    DataCenter Provider
    Update,


    I've found that in the file /var/log/secure I can see password changed my from ssh command, but I can't see the root password changed made from inside cPanel. (Which is what I need to find out...)
     
  3. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    604
    Likes Received:
    42
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Please try to find logs in the /var/log/secure file.

    You can use the command

    Code:
    grep passwd /var/log/secure
    
    Also, check in the cpanel access logs using bellow command.

    grep chrootpass /usr/local/cpanel/logs/access_log |grep POST
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Neutrall likes this.
  4. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    24
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    DataCenter Provider
    Thank you,

    I was missing the keyword "chrootpass" to make my life easier!
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm happy to see the previous response was helpful. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice