WHM login two factor auth logging?

M

Michael Smith

Registered
Sep 10, 2016
4
1
3
United Kingdom
cPanel Access Level
Root Administrator
So this afternoon one of our servers got compromised, We have already migrated the data away and locked it down. The problem i am trying to understand is someone logged into WHM using root and somehow got around the 2 factor auth.

Is there a way i can check the logs as to how they logged in, and if they did indeed bypass 2 factors or did put it in ?
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
You can check the access logs for any logins on the server, there are a couple of other logs located in the same location at /usr/local/cpanel/logs which I think might be helpful as well:

access_log
session_log
login_log
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C WHM Login page found in Google Security 6
P Cant login to WHM Security 13
U Cant login WHM Security 1
M Two Factor Authentication error can't login to whm Security 1
Sujoy Dhar SOLVED I cant login to WHM due to Two Factor Authentication Security 2
Similar threads
WHM Login page found in Google
Cant login to WHM
Cant login WHM
Two Factor Authentication error can't login to whm
SOLVED I cant login to WHM due to Two Factor Authentication
Top Bottom