The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Investigate further Email Login Attempts

Discussion in 'E-mail Discussions' started by glocorp, Dec 5, 2013.

  1. glocorp

    glocorp Member

    Joined:
    Dec 5, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Good Day,

    (Please move this if it is in the wrong category/thread)

    We are trying to investigate a number of failed attempt of accessing this specific email using their IP ISP. Unfortunately all I can get on the cP Hulk Force Protection is the IP of their ISP/Branch and the email, but there are too many people who are trying to access different emails in that IP. Is there any way we can pin point or know the computer name who is/are trying to access this specific email? So we can see if it is a virus/bot/malware?

    PS: I also see this in cP Hulk, Authentication Service "Mail"

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you clarify what you mean by the ISP/Branch of the authentication attempt? cPHulk should list the specific IP address making the connection. However, it will not output information such as the MAC address of the computer making the connection, if that's what you mean.

    Thank you.
     
  3. glocorp

    glocorp Member

    Joined:
    Dec 5, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator

    Someone from their Branch is trying to access an email account but it always failed attempt, this means that this is a Virus/Malware. But there are too many PCs there so it is hard to investigate one by one which PC is infected and trying to access that specific email. Is there a way to know which PC is infected?

    Thanks
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The branch will likely need to complete an internal audit/scan of their system. Exim is only going to show you the IP address of the incoming connection.

    Thank you.
     

Share This Page