i get email regarding succesfull cpanel login even after i enabled 2 factor authentication

ltoso

Active Member
Jan 4, 2009
25
0
51
Hi,
let me tell you the whole thing
1) One day i try to login into my cpanel account and unfortunately i a, unable to do so.
2) i try forget password and it given me the hint of email id that is not mine.
3) ok as i also am root user with whm i login and then login into my cpanel account throught whm
4) Now i find that somebody has created and email id in my own domain
5) using that email id requested the security key to reset password of cpanel
6) cpanel reports that the request came from ip 127.0.0.1 ie. the ip of the localhost as all of you know
7) And then the password was reset
8) After that in the same email create by the attacker, i find some successfully logged in messages from cpanel
9) which according to me should not be possible since i enabled 2 factor authentication into it
10) So how did the attacker1) created email in my web hosting account
11) How was he able to login without 2 factor authentcation

PLease help
 

cPanelAxel

Team Lead Technical Analyst
Staff member
Jan 3, 2019
22
4
78
Houston
cPanel Access Level
Root Administrator
Hello,

Due to the nature of the reported issue, I believe it may be best to create a ticket with our support team to further review the events that may have transpired within your server.

Feel free to open a support request with us using the link in my signature and we can try to help.

Thanks!