hmaddy

Well-Known Member
May 6, 2020
187
22
18
Chennai
cPanel Access Level
Root Administrator
tail -f /usr/local/cpanel/logs/login_log
[2021-11-25 16:21:42 +0100] info [cpaneld] 49.37.187.131 - rosalind "GET /cPanel_magic_revision_1627842895/frontend/jupiter/styles/remixicon.woff2?t=1590207869815 HTTP/1.1" DEFERRED LOGIN cpaneld: security token missing
[2021-11-25 16:21:42 +0100] info [cpaneld] 49.37.187.131 - rosalind "GET /cPanel_magic_revision_1627842895/frontend/jupiter/styles/remixicon.woff?t=1590207869815 HTTP/1.1" DEFERRED LOGIN cpaneld: security token missing
[2021-11-25 16:21:43 +0100] info [cpaneld] 49.37.187.131 - rosalind "GET /cPanel_magic_revision_1627842895/frontend/jupiter/styles/remixicon.ttf?t=1590207869815 HTTP/1.1" DEFERRED LOGIN cpaneld: security token missing
[2021-11-25 16:21:43 +0100] info [cpaneld] 49.37.187.131 - rosalind "GET /cPanel_magic_revision_1627842895/frontend/jupiter/styles/remixicon.ttf?t=1590207869815 HTTP/1.1" DEFERRED LOGIN cpaneld: security token missing
[2021-11-25 16:21:43 +0100] info [cpaneld] 49.37.187.131 - rosalind "GET /cPanel_magic_revision_1627842895/frontend/jupiter/styles/remixicon.ttf?t=1590207869815 HTTP/1.1" DEFERRED LOGIN cpaneld: security token missing
[2021-11-25 16:49:52 +0100] info [cpaneld] 157.44.152.42 - travanco "GET /cpsess3982500437/3rdparty/phpMyAdmin/db_import.php?db=travanco_nima HTTP/1.1" DEFERRED LOGIN cpaneld: cookie ip check: IP address has changed: IP Address [157.44.175.] != Current IP Address [157.44.152.42]
[2021-11-25 16:51:05 +0100] info [cpaneld] 157.44.152.42 - travanco "GET /cpsess0457498125/frontend/jupiter/filemanager/index.html HTTP/1.1" DEFERRED LOGIN cpaneld: security token incorrect
[2021-11-25 16:51:05 +0100] info [cpaneld] 157.44.152.42 - travanco "GET /cpsess0457498125/frontend/jupiter/filemanager/index.html HTTP/1.1" DEFERRED LOGIN cpaneld: security token incorrect
[2021-11-25 16:51:06 +0100] info [cpaneld] 157.44.152.42 - travanco "GET /cpsess0457498125/frontend/jupiter/filemanager/index.html HTTP/1.1" DEFERRED LOGIN cpaneld: security token incorrect
[2021-11-25 16:51:06 +0100] info [cpaneld] 157.44.152.42 - travanco
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
583
54
103
Houston, TX
cPanel Access Level
Root Administrator
I'm not seeing any WHM/root login attempts there. Can you first find the local IP address from your machine that you're connecting to the server from?


You will want the public IPv4 address from your location. Then, you can search for this IP address in the logs.

Code:
grep $ipaddress /usr/local/cpanel/logs/login_log | grep -i 'root' | tail -50
 

hmaddy

Well-Known Member
May 6, 2020
187
22
18
Chennai
cPanel Access Level
Root Administrator
[2021-11-20 07:50:32 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-20 08:09:48 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-22 08:27:53 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-22 08:27:53 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-24 14:07:26 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-24 14:07:46 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-25 16:12:05 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-25 16:13:11 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-25 16:14:28 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-25 16:15:06 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-25 16:18:41 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-25 17:08:53 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing
[2021-11-25 17:15:52 +0100] info [whostmgrd] 49.37.187.131 - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing