Hey there! Yes, the /home/username/.lastlogin file is specific to that user's cPanel account, and only tracks successful logins to the cPanel interface.
I have different ips in all my sites, with different dates. In one of then i have changed all my passwords, cpanel inclusive, and the same happens.
And in .lastlogin file the last login is one, and in the cpanel dashboard the last login is another one.
The dashboard will be different from the command line as it doesn't instantly update - you'll need to complete your session for that file to be written to.
If you're seeing several IPs there you don't recognize, especially if they are from countries you don't think should be accessing your system, your account could be compromised. Do you have root access to the server, or only access to the cPanel account?
If you're seeing several IPs there you don't recognize, especially if they are from countries you don't think should be accessing your system, your account could be compromised. Do you have root access to the server, or only access to the cPanel account?
Providers that sell cPanel licenses should be offering some level of support, although they may not be able to confirm specifically how a compromise happened. We wouldn't be able to guarantee we could find that on our end either.
They should be able to see if they user accessed cPanel through a regular login, which would indicate a compromised password, so that would at least give you something to work from.
They should be able to see if they user accessed cPanel through a regular login, which would indicate a compromised password, so that would at least give you something to work from.
There could be a vulnerability on your account causing the issue, or there could be password-stealing malware on your local machine.
This vulnerability is the responsibility of the hosting or I can do something.
I have Imunify360 and no malware was found in my account.
I have Imunify360 and no malware was found in my account.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| J | lastlogin not updating properly | Security | 1 |
| Similar threads |
|---|
| lastlogin not updating properly |