The Community Forums


Viewing IP Logs

Discussion in 'Security' started by AllenH, Apr 14, 2016.

  1. AllenH

    AllenH Registered

    Joined:
    Feb 12, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Houston, TX
    cPanel Access Level:
    Reseller Owner
    Good morning.
    Our emails were blacklisted by AT&T. They removed us on a probationary basis, but suggested, "Please thoroughly check your IP logs before requesting removal."
    I cannot seem to find where to find these logs. I have root access.
    I do not suspect we have been compromised, but would like to be sure because Barracuda has also listed us and will not let go, nor explain why.
    Thanks in advance.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I would check your email queue (exim) for suspect mail or to see if an account (email or cpanel account) or website is compromised.

    You can check /var/log/exim_mainlog but this is very labor intensive. It would be easier to check the mail queue manager in WHM but this can be quite slow if something is actually compromised and sending out spam. Do you have a managed hosting provider support who can help you? They deal with these types of things on a regular basis.

    I also recommend checking your main IP here: Email and SMTP reputation check

    It's a little-known service but VERY useful, because if you are spamming, sometimes they can give you the headers so you can find the problem much more easily.
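
Added example, not part of the thread or of cPanel's own tooling: the manual review of /var/log/exim_mainlog described above can be reduced to a per-origin count of accepted messages, which makes a compromised mailbox or a mailing script stand out. It assumes the default Exim log line layout and that argument logging is enabled so that `cwd=` lines are present; the `summarize` function and the sample lines are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2016-04-14 09:12:00 cwd=/home/acct1/public_html/blog 3 args: /usr/sbin/sendmail -t -i
2016-04-14 09:12:00 1aqAAA-0001Ab-2C <= acct1@host.example.com U=acct1 P=local S=812
2016-04-14 09:12:01 1aqAAA-0001Ab-2C => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2016-04-14 09:12:02 cwd=/home/acct1/public_html/blog 3 args: /usr/sbin/sendmail -t -i
2016-04-14 09:12:02 1aqAAB-0001Ac-3D <= acct1@host.example.com U=acct1 P=local S=799
2016-04-14 09:13:10 1aqAAC-0001Ad-4E <= info@example.org H=(laptop) [198.51.100.7]:51000 P=esmtpsa A=dovecot_login:info@example.org S=2301
2016-04-14 09:14:00 1aqAAD-0001Ae-5F <= <> R=1aqAAA-0001Ab-2C U=mailnull P=local S=1500
"""

CWD = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: ")
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (\S+)(.*)$")
AUTH = re.compile(r"\bA=\w+:(\S+)")   # SMTP AUTH login behind the message
LOCAL = re.compile(r"\bU=(\S+)")      # local system user that injected it

def summarize(log_text):
    """Count accepted messages per origin and sendmail calls per directory."""
    senders, scripts = Counter(), Counter()
    for line in log_text.splitlines():
        m = CWD.match(line)
        if m:                      # script or cron job invoking sendmail
            scripts[m.group(1)] += 1
            continue
        m = ARRIVAL.match(line)
        if not m:                  # deliveries, completions, rejects, etc.
            continue
        sender, rest = m.groups()
        auth, local = AUTH.search(rest), LOCAL.search(rest)
        if sender == "<>":         # bounce; a surge often follows a spam run
            senders["bounce"] += 1
        elif auth:
            senders["auth:" + auth.group(1)] += 1
        elif local:
            senders["local:" + local.group(1)] += 1
        else:                      # unauthenticated SMTP, normally inbound mail
            senders["remote:" + sender] += 1
    return senders, scripts

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    senders, scripts = summarize(text)
    for name, counter in (("origins", senders), ("sendmail cwd", scripts)):
        print(name)
        for key, n in counter.most_common(10):
            print(f"  {n:6d}  {key}")
```

Run with the log path as the only argument to summarize a real log; with no argument it prints the counts for the constructed sample.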
     
  3. AllenH

    I do not expect we are compromised. We are leasing a VPS through Bluehost. I could probably get administrator help if something looks fishy. I just wanted to see if I could comply with AT&T's suggestion to check the IP traffic. I watch the Exim logs on a regular basis. Your suggestion sounds like a viable solution; I will just continue to watch them.
    Thank you very much for your kind help!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. quizknows

    A lot of that comes down to how long you've had the server. If you just got it, it's possible the last person with that IP dirtied the reputation.

    If you have had the server a long time, and are just now having these issues, then the question of compromise becomes a lot more relevant. Best of luck :)
     