The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unauthorized access over FTP

Discussion in 'Security' started by ctlee15, Dec 4, 2015.

  1. ctlee15

    ctlee15 Member

    Joined:
    Jun 5, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Greetings,

    We had an authorized access over FTP during the month of October. We would like to identify from which IP address(es) the unauthorized access occurred.

    There is a file in the archived raw logs called 'ftp.xyzcompany.com-ftp_log-Oct-2015.gz'. Can this log be used to identify the IP address from which the unauthorized access occured? Also, would you recommend that I check the following files:

    -cPanel access logs (The access log in /usr/local/cpanel/logs/), and
    -domains apache domlogs (/usr/local/apache/domlogs/domain.com)

    Thank you in advance for your time.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    FTP activity is logged to:

    /var/log/messages

    Could you elaborate on what leads you to suspect access from an unauthorized IP address?

    Thank you.
     
Loading...

Share This Page