
Malicious attacks that changed my cPanel password

Comments

3 comments

  • cPRex Jurassic Moderator
    Hey there! Do you have root access to the server or only access to your cPanel account? This type of investigative work needs to happen at the root admin level of the system, as your cPanel account data is no longer reliable.
    0
  • nrshagor001
    Hey there! Do you have root access to the server or only access to your cPanel account? This type of investigative work needs to happen at the root admin level of the system, as your cPanel account data is no longer reliable.

    I have WHM access. How can I investigate?
    0
  • cPRex Jurassic Moderator
    There isn't going to be one specific tool that will help through WHM. You'll want to check the server access logs in /usr/local/cpanel/logs/access_log to see who may have accessed the account. That log could also tell you what areas of the interface were accessed so you can determine if the password reset pages were accessed as part of this work. I will say, one of the most common ways that people reset passwords is through keylogger malware on the user's computer, and not issues with the server itself, so checking that would also be a good security step.
    0
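
The log review described in the reply above, as an added example that is not part of the original thread or cPanel's own tooling: it groups one account's requests in the access log by source IP and flags requests to password-related pages. The combined-log-style line layout, the `passwd`/`resetpass` path substrings, the account name and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed layout (combined-log style): ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
SESSION_RE = re.compile(r"^/cpsess\d+")   # per-session URL prefix, stripped for matching
PASSWORD_HINTS = ("passwd", "resetpass")  # assumed substrings; adjust to your log

def review_account(lines, account):
    """Return (per-IP activity for `account`, unauthenticated password-page hits)."""
    per_ip = defaultdict(lambda: {"requests": 0, "first": None, "last": None,
                                  "password_hits": []})
    unauth_hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        path = SESSION_RE.sub("", m["path"])
        sensitive = any(h in path.lower() for h in PASSWORD_HINTS)
        hit = (m["ip"], m["ts"], m["method"], path, m["status"])
        if m["user"] == account:
            entry = per_ip[m["ip"]]
            entry["requests"] += 1
            entry["first"] = entry["first"] or m["ts"]
            entry["last"] = m["ts"]
            if sensitive:
                entry["password_hits"].append(hit)
        elif m["user"] == "-" and sensitive:
            # Assumption: requests made before login carry "-" as the user
            unauth_hits.append(hit)
    return dict(per_ip), unauth_hits

# Constructed sample lines (documentation IP ranges, made-up accounts and paths)
SAMPLE = [
    '198.51.100.7 - exampleuser [03/14/2024:09:12:01 -0000] "GET /cpsess1234567890/frontend/jupiter/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '203.0.113.44 - - [03/15/2024:02:39:30 -0000] "GET /resetpass?start=1 HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '203.0.113.44 - exampleuser [03/15/2024:02:40:17 -0000] "GET /cpsess0987654321/frontend/jupiter/passwd/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '203.0.113.44 - exampleuser [03/15/2024:02:40:52 -0000] "POST /cpsess0987654321/frontend/jupiter/passwd/changepass.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '192.0.2.10 - otheruser [03/15/2024:03:00:00 -0000] "GET /cpsess1111111111/frontend/jupiter/passwd/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    'truncated or malformed line',
]

if __name__ == "__main__":
    per_ip, unauth = review_account(SAMPLE, "exampleuser")
    for ip, info in per_ip.items():
        print(ip, info["requests"], info["first"], info["last"], info["password_hits"])
    print("unauthenticated password-page hits:", unauth)
```

To run it against the real log as root, pass `open("/usr/local/cpanel/logs/access_log", errors="replace")` as `lines`; an IP that appears only around the password-page requests is the one to compare against your own known addresses.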
