How to track who have login to my cpanel ?

jacklee

Registered
Dec 17, 2014
4
0
1
cPanel Access Level
Root Administrator
Hi there ,I'm new in Cpanel
Recently i find out my cpanel have somebody login and upload some file inside , and i no know who is it . did anyone know how to track ? Example Ip , and what "him" have update into cpanel ? something like a logs file ?
I have try open
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/login_log

via putty but didn't show upload file record .
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello :)

What method was used to upload files? If it was through FTP, then you may find the following log useful:

/var/log/messages

Thank you.
 

jacklee

Registered
Dec 17, 2014
4
0
1
cPanel Access Level
Root Administrator
Hello :)

What method was used to upload files? If it was through FTP, then you may find the following log useful:

/var/log/messages

Thank you.
I not sure what the method him use . But most probably is via cpanel i guess . Because once i sent cpanel login detail to 3rd party it happening the website be delete and upload other file inside . can i track what the file him has delete and what is his ip ? i try view var/log/messages .Almost all the message show this " Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED "
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
99
78
India
cPanel Access Level
Root Administrator
Twitter
Hello,

You can find out all cPanel activities in /usr/local/cpanel/logs/access_log file. Please try with following command so that you will get the all details of your cPanel user.

Code:
cat  /usr/local/cpanel/logs/access_log | grep CPUSERNAME
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
I not sure what the method him use . But most probably is via cpanel i guess
Are there any scripts uploaded to the website that could have been exploited and used to upload files?

Thank you.