The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to track who have login to my cpanel ?

Discussion in 'Security' started by jacklee, Dec 17, 2014.

  1. jacklee

    jacklee Registered

    Joined:
    Dec 17, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi there ,I'm new in Cpanel
    Recently i find out my cpanel have somebody login and upload some file inside , and i no know who is it . did anyone know how to track ? Example Ip , and what "him" have update into cpanel ? something like a logs file ?
    I have try open
    /usr/local/cpanel/logs/error_log
    /usr/local/cpanel/logs/access_log
    /usr/local/cpanel/logs/login_log

    via putty but didn't show upload file record .
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    What method was used to upload files? If it was through FTP, then you may find the following log useful:

    /var/log/messages

    Thank you.
     
  3. jacklee

    jacklee Registered

    Joined:
    Dec 17, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I not sure what the method him use . But most probably is via cpanel i guess . Because once i sent cpanel login detail to 3rd party it happening the website be delete and upload other file inside . can i track what the file him has delete and what is his ip ? i try view var/log/messages .Almost all the message show this " Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED "
     
  4. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    You can find out all cPanel activities in /usr/local/cpanel/logs/access_log file. Please try with following command so that you will get the all details of your cPanel user.

    Code:
    cat  /usr/local/cpanel/logs/access_log | grep CPUSERNAME
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you even read the first post?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Are there any scripts uploaded to the website that could have been exploited and used to upload files?

    Thank you.
     
Loading...

Share This Page