
unknown ip in my access log

Discussion in 'Security' started by chanklish, Apr 30, 2019.

  1. chanklish

    chanklish Well-Known Member

    Joined:
    May 22, 2015
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    Hello awesome people,
    so I am checking my access log and I find several things and IPs I do not know, like - Removed - and such ..
    What are these exactly? I have 2FA, access host control only to my IP, cPHulk and firewall enabled .. am I hacked?

    - PDF file removed -
     
    #1 chanklish, Apr 30, 2019
    Last edited by a moderator: Apr 30, 2019
  2. chanklish

    chanklish Well-Known Member

    Mod, why was the attachment removed? How can I show my log then?!
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,877
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    My apologies, I don't know you and have no need to see something in pdf format. These days that's a bad idea all around. We don't need actual domain names or IP addresses posted to these forums. Please review this thread for more details:
    Guide To Opening An Effective Forums Thread

    If you suspect your server might have been compromised, you might want to hire someone to take a closer look for you:
    System Administration Services | cPanel Forums

    Analyzing a compromised server on the forums is not the best way to go here, I don't think.
     
  4. chanklish

    chanklish Well-Known Member

    I just wanted advice to know if I need system admin services - all the IPs and domains shown in the PDF log are not mine
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Please feel free to post a snip of the log output wrapped in bbcode code tags with partially obfuscated IP addresses. We don't know what the problem is, but there's no need to display the actual IPs from your log, on a public forum. (Even if it is a bad guy.)

    That might be helpful here.
     
  6. chanklish

    chanklish Well-Known Member

    hi infopro
    these are two examples

    Code:
    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/whm-logo_white.svg HTTP/1.1" 200 0 "https://server.example.com:2087/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css HTTP/1.1" 200 0 "https://server.example.com:2087/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/notice-error.png HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:27 -0000] "GET /cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:28 -0000] "GET /cPanel_magic_revision_1386192033/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1386192030/unprotected/cpanel/fonts/open_sans/open_sans.min.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    

    Code:
    71.6.146.xxx - - [12/27/2016:20:39:17 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" "-" "-" 2083
    - - - [12/27/2016:20:39:18 -0000] "-" 301 0 "" "-" "-" "-" 2082
    - - - [12/27/2016:20:39:18 -0000] "-" 301 0 "" "-" "-" "-" 2082
    - - - [12/27/2016:20:39:23 -0000] "-" 301 0 "" "-" "-" "-" 2082
    127.0.0.1 - - [12/27/2016:20:40:20 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "" "-" "-" "-" 2086
    127.0.0.1 - - [12/28/2016:03:56:56 -0000] "GET / HTTP/1.1" 401 0 "" "HTTP-Tiny/0.058" "-" "-" 2086
    66.240.219.xxx - - [12/28/2016:07:24:02 -0000] "GET / HTTP/1.1" 301 0 "" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" "-" "-" 2086
    66.240.219.xxx - - [12/28/2016:07:24:05 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36" "-" "-" 2087
    139.194.12x.xxx - - [01/01/2017:16:30:28 -0000] "GET /cPanel_magic_revision_1472153805/unprotected/cpanel/images/cp-logo_white.svg HTTP/1.1" 200 0 "https://server.example.com:2087/cPanel_magic_revision_1472153805/unprotected/cpanel/style_v2_optimized.css" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" "-" "-" 2087
    
     
    #6 chanklish, May 2, 2019
    Last edited by a moderator: May 2, 2019
  7. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Have you noticed the dates on these entries?
     
  8. chanklish

    chanklish Well-Known Member

    Yes, but I have similar entries in 2019
    Code:
    172.104.133.xxx - - [12/10/2018:17:04:38 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    172.104.133.xxx - - [12/10/2018:17:04:39 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    
    Code:
    46.188.107.xxx - - [12/10/2018:23:35:49 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    176.14.10.xx - - [12/10/2018:23:35:51 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    Code:
    95.28.230.1xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    128.72.43.xx7 - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2087
    46.42.129.xxx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2083
    188.244.34.1xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2087
    176.193.125.xx - - [12/12/2018:13:18:44 -0000] "-" 401 0 "-" "-" "-" "-" 2096
    37.204.192.1xx - - [12/12/2018:13:18:50 -0000] "-" 401 0 "-" "-" "-" "-" 2083
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    None of them are 2019 either.

    To answer your original question with concern for your account being compromised, I don't think it is.
     
  10. chanklish

    chanklish Well-Known Member

    Yes, I did not choose 2019 specifically, as I was trying to show most of the IPs.
    Thank you
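
A triage sketch for the question this thread turns on, added here as an example and not code from cPanel or from either poster: it parses lines in the layout quoted above, sets aside entries older than a cutoff, and leaves only requests that were served to unlisted addresses for manual review. The sample lines, the cutoff date, the trusted address, the label names and the reading of `/unprotected/` paths as pre-login static files are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Layout of the lines quoted in the thread:
# ip - - [MM/DD/YYYY:HH:MM:SS zone] "request" status bytes "referer" "agent" "-" "-" port
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \d+ (?:"[^"]*" ){4}(?P<port>\d+)$')

def classify(line, since, trusted=()):
    """Label one access-log line; only 'review' needs a human look."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    when = datetime.strptime(m["ts"].split()[0], "%m/%d/%Y:%H:%M:%S")
    if when < since:
        return "outside-window"          # the point about dates made in the thread
    if m["ip"] in ("127.0.0.1", "-"):
        return "local-or-no-peer"        # service checks, entries without a client IP
    if m["status"] in ("301", "401"):
        return "redirected-or-rejected"  # no authenticated content was served
    if m["status"] == "200" and "/unprotected/" in m["req"]:
        return "login-page-asset"        # assumption: pre-login static files
    return "trusted" if m["ip"] in trusted else "review"

def triage(lines, since, trusted=()):
    """Return (label counts, lines that still need manual review)."""
    counts, review = Counter(), []
    for line in lines:
        label = classify(line, since, trusted)
        counts[label] += 1
        if label == "review":
            review.append(line)
    return counts, review

# Constructed sample lines (documentation IP ranges, placeholder session token).
SAMPLE = [
    '198.51.100.7 - - [12/27/2016:20:39:17 -0000] "GET / HTTP/1.1" 401 0 "" "Mozilla/5.0" "-" "-" 2083',
    '203.0.113.9 - - [04/29/2019:10:00:01 -0000] "-" 401 0 "-" "-" "-" "-" 2083',
    '203.0.113.9 - - [04/29/2019:10:00:02 -0000] "GET /cPanel_magic_revision_0/unprotected/cpanel/style_v2_optimized.css HTTP/1.1" 200 0 "-" "Mozilla/5.0" "-" "-" 2087',
    '127.0.0.1 - - [04/29/2019:10:01:00 -0000] "GET / HTTP/1.1" 401 0 "" "HTTP-Tiny/0.058" "-" "-" 2086',
    '192.0.2.10 - - [04/29/2019:11:00:00 -0000] "GET /cpsess0000000000/ HTTP/1.1" 200 0 "-" "Mozilla/5.0" "-" "-" 2087',
    '203.0.113.50 - - [04/29/2019:12:00:00 -0000] "GET /cpsess0000000000/ HTTP/1.1" 200 0 "-" "Mozilla/5.0" "-" "-" 2087',
]

if __name__ == "__main__":
    counts, review = triage(SAMPLE, datetime(2019, 4, 1), trusted={"192.0.2.10"})
    print(dict(counts))
    print("\n".join(review))
```

A line labelled `review` is a prompt to check who owns that address and session, not a finding of compromise.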
     