Investigate further Email Login Attempts

glocorp

Member
Dec 5, 2013
cPanel Access Level
Root Administrator
Good Day,

(Please move this if it is in the wrong category/thread)

We are trying to investigate a number of failed attempts at accessing this specific email using their ISP IP. Unfortunately, all I can get from the cP Hulk Force Protection is the IP of their ISP/Branch and the email, but there are too many people who are trying to access different emails from that IP. Is there any way we can pinpoint or know the name of the computer(s) trying to access this specific email, so we can see if it is a virus/bot/malware?

PS: I also see this in cP Hulk, Authentication Service "Mail"

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Could you clarify what you mean by the ISP/Branch of the authentication attempt? cPHulk should list the specific IP address making the connection. However, it will not output information such as the MAC address of the computer making the connection, if that's what you mean.

Thank you.
 

glocorp

> Hello :)
>
> Could you clarify what you mean by the ISP/Branch of the authentication attempt? cPHulk should list the specific IP address making the connection. However, it will not output information such as the MAC address of the computer making the connection, if that's what you mean.
>
> Thank you.

Someone from their branch is trying to access an email account, but the attempt always fails; this means that this is a virus/malware. But there are too many PCs there, so it is hard to investigate one by one which PC is infected and trying to access that specific email. Is there a way to know which PC is infected?

Thanks
 

cPanelMichael

The branch will likely need to complete an internal audit/scan of their system. Exim is only going to show you the IP address of the incoming connection.

Thank you.
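An added example, not part of the original thread or cPanel's own tooling: for SMTP AUTH failures, Exim's main log line also carries the HELO name the client announced and, when source-port logging is enabled, the source port, which gives the branch something to match against its own firewall/NAT logs during the internal audit. Assumptions: the log lines have the shape of the constructed sample below, the HELO value is client-supplied and unverified (a hint, not proof), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines shaped like Exim main-log SMTP AUTH failures
# (addresses, host names and accounts are made up).
SAMPLE_LOG = """\
2013-12-05 09:14:02 dovecot_login authenticator failed for (ACCT-PC07) [203.0.113.25]:51844: 535 Incorrect authentication data (set_id=sales@example.com)
2013-12-05 09:14:09 dovecot_login authenticator failed for (ACCT-PC07) [203.0.113.25]:51851: 535 Incorrect authentication data (set_id=sales@example.com)
2013-12-05 09:15:40 dovecot_login authenticator failed for (FRONTDESK-2) [203.0.113.25]:40112: 535 Incorrect authentication data (set_id=info@example.com)
2013-12-05 09:16:03 dovecot_login authenticator failed for ([192.168.1.44]) [203.0.113.25]:51877: 535 Incorrect authentication data (set_id=sales@example.com)
2013-12-05 09:17:30 dovecot_login authenticator failed for (mail.example.org) [198.51.100.9]:33010: 535 Incorrect authentication data (set_id=sales@example.com)
"""

# Assumed line shape: timestamp, optional [pid], authenticator name, optional
# verified host, optional (HELO), [source IP], optional :port, (set_id=account).
AUTH_FAIL = re.compile(
    r"^(?P<ts>\S+ \S+) (?:\[\d+\] )?\S+ authenticator failed for "
    r"(?:H=)?(?:[^\s(\[]\S* )?(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<ip>[^\]]+)\](?::(?P<port>\d+))?"
    r".*\(set_id=(?P<account>[^)]*)\)"
)

def failed_logins(log_text, account, source_ip):
    """Return (timestamp, helo, source_port) for every AUTH failure on
    `account` that came from `source_ip`; missing fields become "-"."""
    hits = []
    for line in log_text.splitlines():
        m = AUTH_FAIL.match(line)
        if m and m["account"].lower() == account.lower() and m["ip"] == source_ip:
            hits.append((m["ts"], m["helo"] or "-", m["port"] or "-"))
    return hits

def helo_summary(hits):
    """Count attempts per client-announced HELO name (unverified hint only)."""
    return Counter(helo for _, helo, _ in hits)

if __name__ == "__main__":
    hits = failed_logins(SAMPLE_LOG, "sales@example.com", "203.0.113.25")
    for ts, helo, port in hits:
        print(f"{ts}  helo={helo}  src_port={port}")
    print(helo_summary(hits).most_common())
```

The timestamp and source port pairs are what the branch would look up in its NAT or firewall connection logs to find the internal address behind the shared public IP.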