How to track who have login to my cpanel ?
Hi there ,I'm new in Cpanel
Recently i find out my cpanel have somebody login and upload some file inside, and i no know who is it . did anyone know how to track ? Example Ip, and what "him" have update into cpanel ? something like a logs file ?
I have try open
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/login_log
via putty but didn't show upload file record .
-
Hello :) What method was used to upload files? If it was through FTP, then you may find the following log useful: /var/log/messages Thank you. 0 -
]Hello :) What method was used to upload files? If it was through FTP, then you may find the following log useful: /var/log/messages Thank you.
I not sure what the method him use . But most probably is via cpanel i guess . Because once i sent cpanel login detail to 3rd party it happening the website be delete and upload other file inside . can i track what the file him has delete and what is his ip ? i try view var/log/messages .Almost all the message show this " Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED "0 -
Hello, You can find out all cPanel activities in /usr/local/cpanel/logs/access_log file. Please try with following command so that you will get the all details of your cPanel user. cat /usr/local/cpanel/logs/access_log | grep CPUSERNAME0 -
]Hello, You can find out all cPanel activities in /usr/local/cpanel/logs/access_log file. Please try with following command so that you will get the all details of your cPanel user.
cat /usr/local/cpanel/logs/access_log | grep CPUSERNAME
Did you even read the first post?0 -
]I not sure what the method him use . But most probably is via cpanel i guess
Are there any scripts uploaded to the website that could have been exploited and used to upload files? Thank you.0
Please sign in to leave a comment.
Comments
5 comments