Hi,
let me tell you the whole thing
1) One day i try to login into my cpanel account and unfortunately i a, unable to do so.
2) i try forget password and it given me the hint of email id that is not mine.
3) ok as i also am root user with whm i login and then login into my cpanel account throught whm
4) Now i find that somebody has created and email id in my own domain
5) using that email id requested the security key to reset password of cpanel
6) cpanel reports that the request came from ip 127.0.0.1 ie. the ip of the localhost as all of you know
7) And then the password was reset
8) After that in the same email create by the attacker, i find some successfully logged in messages from cpanel
9) which according to me should not be possible since i enabled 2 factor authentication into it
10) So how did the attacker1) created email in my web hosting account
11) How was he able to login without 2 factor authentcation
PLease help
let me tell you the whole thing
1) One day i try to login into my cpanel account and unfortunately i a, unable to do so.
2) i try forget password and it given me the hint of email id that is not mine.
3) ok as i also am root user with whm i login and then login into my cpanel account throught whm
4) Now i find that somebody has created and email id in my own domain
5) using that email id requested the security key to reset password of cpanel
6) cpanel reports that the request came from ip 127.0.0.1 ie. the ip of the localhost as all of you know
7) And then the password was reset
8) After that in the same email create by the attacker, i find some successfully logged in messages from cpanel
9) which according to me should not be possible since i enabled 2 factor authentication into it
10) So how did the attacker1) created email in my web hosting account
11) How was he able to login without 2 factor authentcation
PLease help
