How to track who have login to my cpanel ?

[jacklee]

Hi there ,I'm new in Cpanel
Recently i find out my cpanel have somebody login and upload some file inside , and i no know who is it . did anyone know how to track ? Example Ip , and what "him" have update into cpanel ? something like a logs file ?
I have try open
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/login_log

via putty but didn't show upload file record .

 

[cPanelMichael]

Hello

What method was used to upload files? If it was through FTP, then you may find the following log useful:

/var/log/messages

Thank you.

 

[jacklee]

Hello

What method was used to upload files? If it was through FTP, then you may find the following log useful:

/var/log/messages

Thank you.

I not sure what the method him use . But most probably is via cpanel i guess . Because once i sent cpanel login detail to 3rd party it happening the website be delete and upload other file inside . can i track what the file him has delete and what is his ip ? i try view var/log/messages .Almost all the message show this " Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED "

 

[24x7server]

Hello,

You can find out all cPanel activities in /usr/local/cpanel/logs/access_log file. Please try with following command so that you will get the all details of your cPanel user.

cat  /usr/local/cpanel/logs/access_log | grep CPUSERNAME

 

[Infopro]

Hello,

You can find out all cPanel activities in /usr/local/cpanel/logs/access_log file. Please try with following command so that you will get the all details of your cPanel user.

cat  /usr/local/cpanel/logs/access_log | grep CPUSERNAME

Did you even read the first post?

 

[cPanelMichael]

I not sure what the method him use . But most probably is via cpanel i guess

Are there any scripts uploaded to the website that could have been exploited and used to upload files?

Thank you.