cPanel password change
Hello,
One of the resellers on our server reported a month ago that his client's cPanel password changing frequently.
We have tried various security implementations still the issue remains same.
We have suggested him 2FA, server scan done, he is saying our other providers not facing the same issue
-
Hey there! Have you confirmed in the cPanel access logs that the password is being changed through the end-user interface? Accessing the cPanel >> Password and Security page will show up as an entry like this in the cPanel access log file, /usr/local/cpanel/logs/access_log: x.x.x.x - username [10/03/2023:14:52:15 -0000] "GET /cpsess##########/frontend/jupiter/passwd/index.html HTTP/1.1" 200 0 "https://host.domain.com:2083/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0" "s" "-" 2083
where "x.x.x.x" is the user's IP that is accessing the server.0 -
IPs show up as VPN and also Proxy server IPs 0 -
If they aren't the IPs that you expect from the end user, it's possible that user's local system has been compromised by a key logger or another similar tool that is allowing the hacker to get the password initially, and then change it in cPanel. 0
Please sign in to leave a comment.
Comments
3 comments