Breached cPanel - multiple logged logins even with 2FA enabled

Comments

  • cPRex Jurassic Moderator
    Hey there! This issue might be better handled through a ticket so we can actually see the server and ensure no compromise on the server side is helping this happen. If you are able to make a ticket, please post the number here so I can follow along.
    0
  • dorianc
    I went with Host Access Control, allowing only the owner's static IP to access cPanel. This should lock it down completely. Common sense suggests that a WP plugin or theme is vulnerable to some kind of attack, but the logs show the complete opposite: the cPanel login page is accessed first by the attacker, and there's absolutely no trace of any kind of exploit or vulnerability attack in the web server logs. Restricting cPanel access to one IP should patch it up temporarily.
    0
