Hosted Account Compromised
Hi,
We've got confused: how did they get access to our admin panel?
I am a bit confused whether they used our cPanel to root the password or not.
I wonder if this log means they successfully logged in to cPanel, or?
It would be much appreciated if someone can help.
117.20.xx.xx - username [04/28/2014:16:36:55 -0000] "GET /cpsess6538418361/ HTTP/1.1" 200 0 "http://us6.domain.com:2082/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:56 -0000] "GET /cpsess6538418361/frontend/x3/index.html HTTP/1.1" 200 0 "http://us6.domain.com:2082/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:57 -0000] "GET /cPanel_magic_revision_1380278029/frontend/x3/branding/local.css HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:57 -0000] "GET /cPanel_magic_revision_1380278115/frontend/x3/branding/top-logo_opt.png HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:57 -0000] "GET /cPanel_magic_revision_1383771247/frontend/x3/css/combined_optimized.css HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:57 -0000] "GET /cPanel_magic_revision_1380278020/frontend/x3/js/x3main_optimized.js HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:57 -0000] "GET /cPanel_magic_revision_1380278053/frontend/x3/branding/tbl-bg.jpg HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:57 -0000] "GET /cPanel_magic_revision_1380278224/yui-gen/utilities_container/utilities_container.js HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:57 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/index.live.php?act=top HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:36:51 -0000] "GET /cPanel_magic_revision_1397077323/cjt/cpanel-all-min-en.js HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
139.228.171.179 - username [04/28/2014:16:36:58 -0000] "GET /cpsess8604525691/frontend/x3/images/stats-disabled.gif HTTP/1.1" 200 0 "http://174.37.101.184:2082/cpsess8604525691/frontend/x3/statmanager/index.html" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.4.9999.1900 Safari/537.31 BDSpark/26.4" "-"
117.20.xx.xx - username [04/28/2014:16:37:00 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_cms.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:00 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_blogs.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:00 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_forums.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:00 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_microblogs.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:00 -0000] "GET /cpsess6538418361/frontend/x3/main_page_warnings.html HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:01 -0000] "GET /cPanel_magic_revision_85636699996.1116/frontend/x3/branding/ui_sprites_img_only_filetype_gif.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:01 -0000] "GET /cPanel_magic_revision_4626413692.42959/frontend/x3/branding/heading_sprites_compleximg.jpg HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:01 -0000] "GET /cPanel_magic_revision_15090641736.6156/frontend/x3/branding/heading_sprites_img.png HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:01 -0000] "GET /cPanel_magic_revision_77128211691.5796/frontend/x3/branding/heading_sprites_bg_snap_to_smallest_width.png HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:02 -0000] "GET /cPanel_magic_revision_70971113695.9425/frontend/x3/branding/ui_sprites_bg_snap_to_smallest_width.png HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:02 -0000] "GET /cPanel_magic_revision_0/cjt/images/loading.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:01 -0000] "GET /cPanel_magic_revision_45885730267.7677/frontend/x3/branding/icon_sprites_img.jpg HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:02 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_galleries.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:03 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_wikis.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:03 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_socialnetworking.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:03 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_admanager.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:03 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_calendars.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:03 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_games.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_mail.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_polls.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_projectman.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_ecommerce.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_erp.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_guestbooks.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_customersupport.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_frameworks.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:04 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_educational.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_dbtools.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_music.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_video.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_rss.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_files.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/php_others.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/js_libraries.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/js_widgets.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/perl_blogs.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/perl_wikis.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:05 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/perl_forums.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:06 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/perl_ecommerce.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:06 -0000] "GET /cpsess6538418361/frontend/x3/softaculous/themes/default/images/cats/perl_mail.gif HTTP/1.1" 200 0 "http://us6.domain.com:2082/cpsess6538418361/frontend/x3/index.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
117.20.xx.xx - username [04/28/2014:16:37:08 -0000] "GET /cPanel_magic_revision_1380278044/frontend/x3/branding/favicon.ico HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" "-"
It means that someone has the credentials to the cPanel account in question and was able to log in. Change the password.
Hello :) In addition to changing the cPanel account password, it's likely a good idea to change any other passwords (FTP, email) associated with that account. You may want to consider consulting with a qualified system administrator to review the security of your system if it's not something you are comfortable with. Thank you.