Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Last Login IP From

Discussion in 'Data Protection' started by James Hall, Aug 11, 2017.

  1. James Hall

    James Hall Registered

    Joined:
    Aug 11, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Hello Everyone :)

    I am wondering if anyone else is seeing this IP address [Removed] under "last login" when you login to cPanel? It is not my IP, has never been my IP, and it won't update or change for the last month or two. Out of 9 separate hosting accounts (unrelated logins and IP's) 3 of them are showing this as the last IP logged in.

    I can logout and back in quickly and the IP address still shows the last login was [Removed]?

    Thanks,
    Jim
     

    Attached Files:

    #1 James Hall, Aug 11, 2017
    Last edited by a moderator: Aug 11, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi Jim,

    The IP address that appears for "Last Login" is not the currently-authenticated IP address. For example, if you log in via the 10.1.1.1 IP address, and then log in multiple times via the 10.2.2.2 IP address, the interface will display 10.1.1.1 as the Last Login IP address. It will not display 10.2.2.2 as the Last Login IP address until you log in via a different IP address.

    As far as the source of that IP address, you may want to contact your provider to see if this is an IP address used by their support team.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Aug 11, 2017
  3. James Hall

    James Hall Registered

    Joined:
    Aug 11, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    It used to display my IP address for years. I've never had that IP address and since it is happening on 3 UNRELATED different hosting accounts that have totally unique usernames and 12 character passwords, I think something else is at play.

    How can it show an IP address as the "last login" unless they logged in from that IP address?

    Since my servers have brute force protection enabled (5 failures and a 30 wait) and I use firewall plugins on my sites I find this very strange. The IP has been reported as a possible source of SQL injection here: [Removed - No need to post the actual IP address here]

    Jim
     
    #3 James Hall, Aug 11, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi Jim,

    It doesn't mean the IP address in-question didn't access cPanel. That is in-fact something you should investigate to determine if the accounts were accessed by an unauthorized user. I was answering your question about why the "Last Login" IP address did not change after you logged out and then logged in again. That's normal behavior, and described in more detail on the following post:

    cPanel Control Panel "Last Login" clarification

    As far as the offending IP address itself, you may want to review /usr/local/cpanel/logs/access_log to get a better idea of when that IP addressed accessed cPanel and what actions it performed.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Aug 11, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Last Login
  1. prodjex

    cPanel Last Login IP Address

    prodjex, Mar 23, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    184
    prodjex
    Mar 26, 2018
  2. martin MHC

    cPanel Control Panel "Last Login" clarification

    martin MHC, Oct 25, 2016, in forum: General Discussion
    Replies:
    3
    Views:
    2,096
    cPanelMichael
    Oct 28, 2016
  3. Nirjonadda

    The last attempt to update cPanel & WHM was blocked

    Nirjonadda, May 14, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    93
    cPanelLauren
    May 14, 2018
  4. Nurs1927

    Elasticsearch heap size configuration?

    Nurs1927, May 1, 2018, in forum: Workarounds and Optimization
    Replies:
    5
    Views:
    77
    Infopro
    May 1, 2018
  5. Petar

    Amazon EC2, Elastic IP, NAT and license problem

    Petar, Jan 13, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    334
    cPanelMichael
    Jan 18, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice