Search all accounts for file and/or list accounts with activity?

peterallcdn

• December 09, 2016 09:34

Hello, Is there a way in WHM to either... A) Search all accounts for files by name? B) List all accounts with recent activity such as file uploads, new email address creation etc? An account was found to have been compromised and had phishing files uploaded. Unfortunately that account is one of dozens of gateway site accounts set up years and years ago and they have similar login credentials. These accounts will be removed or consolidated as soon as I have free time, but for now I'd like a quick way to spot any other accounts that may have been compromised hence the above requests. Thanks for any and all help!

• 

  SysSachin

  • December 09, 2016 14:49

  A) Search all accounts for files by name?

  
  Yes, You have to find the accounts which is having file. Use bellow command
  find /home/ -name filename
  Also, Find files that contain a text
  grep -lir "text to find" *
  

  0
• 

  peterallcdn

  • December 09, 2016 22:59

  Thanks SysSachin, that helps. Anyone know how to also list all accounts with recent activity such as file uploads, new email address creation etc?

  0
• 

  cPanelMichael

  • December 12, 2016 18:00

  Hello, For email accounts, you could develop a custom bash script that searches /usr/local/cpanel/logs/access_logs for activity such as email account creation, or setup a hook that automatically runs a custom command after email account creation: Guide to Standardized Hooks - Software Development Kit - cPanel Documentation The following third-party URL may help for file upload activity: "watch" command to notify on newly created files on linux Thank you.

  0

Please sign in to leave a comment.