How to find out which IP changed the root password

N

Neutrall

Active Member
PartnerNOC
Jul 22, 2014
27
3
53
cPanel Access Level
DataCenter Provider
Hi,

I'm currently trying find out which IP change the root password in a cPanel server.

I'm trying to browse in the /usr/local/cpanel/logs/access_log file without success.

Is there a quick method for finding which IP change the root password?
 
N

Neutrall

Active Member
PartnerNOC
Jul 22, 2014
27
3
53
cPanel Access Level
DataCenter Provider
Update,


I've found that in the file /var/log/secure I can see password changed my from ssh command, but I can't see the root password changed made from inside cPanel. (Which is what I need to find out...)
 
SysSachin

SysSachin

Well-Known Member
Aug 23, 2015
604
49
28
India
cPanel Access Level
Root Administrator
Twitter
Hello,

Please try to find logs in the /var/log/secure file.

You can use the command

Code: 
grep passwd /var/log/secure
Also, check in the cpanel access logs using bellow command.

grep chrootpass /usr/local/cpanel/logs/access_log |grep POST
 
  • Like
Reactions: Neutrall
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello,

I'm happy to see the previous response was helpful. Thank you for updating us with the outcome.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
J Official Red Hat log4j checker finds positive Security 4
P How to find hackers access point Security 8
F How we can find who is add forwarder email in cPanel Security 3
benito Find who deleted email accounts Security 3
D How to find out which site is vulnerable ? Security 2
Similar threads
Official Red Hat log4j checker finds positive
How to find hackers access point
How we can find who is add forwarder email in cPanel
Find who deleted email accounts
How to find out which site is vulnerable ?
Top Bottom