How we can find who is add forwarder email in cPanel

Fadly

Registered
May 17, 2021
2
0
1
Indonesia
cPanel Access Level
Root Administrator
Dear All,
Can help me to find, where is the log file if i want to know who is added address email as forwarder in cPanel.
one of my clients, the email address is added by the forwarder to a specific email address.
how to know when and via login who the intruder added the email forward.
Thank You
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,062
775
313
cPanel Access Level
Root Administrator
Hey there! This type of activity would be stored in the main cPanel access log at /usr/local/cpanel/logs/access_log. Viewing the cPanel >> Forwarders page would cause this to show up in that log:

Code:
4.3.2.1 - username [05/18/2021:17:10:05 -0000] "GET /cpsess4473512384/frontend/paper_lantern/mail/fwds.html HTTP/1.1" 200 0 "https://1.2.3.4:2083/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "s" "-" 2083
where the "4.3.2.1" IP is the user accessing the server.

Clicking the blue "Add Forwarder" button leaves a log for the "/cpsess4473512384/frontend/paper_lantern/mail/addfwd.html" page in that log file.

I hope that helps you track this down!
 

Fadly

Registered
May 17, 2021
2
0
1
Indonesia
cPanel Access Level
Root Administrator
Hi cPRex,
Thank You for your info.
i already see the log..
whats is different this log
1. x.x.x.x proxy userdomain1 [04/23/2021:02:04:27 with
2. x.x.x.x - userdomain2 [04/23/2021:04:16:10

#1 have PROXY and #2 don't have proxy.

can you explain for me.. Thank You


Fadly