How we can find who is add forwarder email in cPanel
Dear All,
Can help me to find, where is the log file if i want to know who is added address email as forwarder in cPanel.
one of my clients, the email address is added by the forwarder to a specific email address.
how to know when and via login who the intruder added the email forward.
Thank You
-
Hey there! This type of activity would be stored in the main cPanel access log at /usr/local/cpanel/logs/access_log. Viewing the cPanel >> Forwarders page would cause this to show up in that log: 4.3.2.1 - username [05/18/2021:17:10:05 -0000] "GET /cpsess4473512384/frontend/paper_lantern/mail/fwds.html HTTP/1.1" 200 0 "https://1.2.3.4:2083/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" "s" "-" 2083
where the "4.3.2.1" IP is the user accessing the server. Clicking the blue "Add Forwarder" button leaves a log for the "/cpsess4473512384/frontend/paper_lantern/mail/addfwd.html" page in that log file. I hope that helps you track this down!0 -
Hi cPRex, Thank You for your info. i already see the log.. whats is different this log 1. x.x.x.x proxy userdomain1 [04/23/2021:02:04:27 with 2. x.x.x.x - userdomain2 [04/23/2021:04:16:10 #1 have PROXY and #2 don't have proxy. can you explain for me.. Thank You Fadly 0 -
Sure thing! this indicates the system was accessed with a proxy subdomain, like cpanel.domain.dom. It's common to see that in the logs, and doesn't indicate an issue with the user or the server. 0
Please sign in to leave a comment.
Comments
3 comments