Results 1 to 7 of 7
  1. #1
    Join Date
    Jan 2011
    Posts
    91

    Cpanel send me Mail someone Login as root it was not me!

    I get from my Cpanel Server an email everytime when someone Login as Root in WHM and SSH.

    I get an mail someone Login as Root today but i dont Login today.
    So after first shock i Log me in WHM and change Root Password, after i make an Reboot.
    Than i log me in ssh and change Root Password again.
    Than i look in WHM what he has done, only what i find was Disable the Automatic Updates.
    Than i go in with ssh, make an rkhunter chkrootkit clamav Scan.
    All 3 found nothing.

    So my question is how he get in my WHM because IDF checks all Bruteforce and this Login was from an Standard inet Ip from germany.

    I know it was not an Bruteforce,
    what i think is the following.
    Trojan my PC or my Wlan.
    I use Ubuntu so is Trojan not realy an opinion, my Wlan i has check dont was anybody this year in.

    Damn how he get in my WHM???
    Knows anybody how this was possible?

  2. #2
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,799
    Is this server managed? If so, would there be any reason for your provider to log in to do anything?

    If it was not bruted, they must have known your PW somehow, either through a keylogger/trojan on your local machine. You don't remember giving out root access to anyone?

  3. #3
    Join Date
    Jan 2011
    Posts
    91
    No managed than i has ask the manager first.
    I use Ubuntu only to manage my Servers.
    MMMMM i get an friend the Root Login for long time, and i know he is using Windows but i know his IP is never an german.

  4. #4
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,799
    It could be possible that your friend's workstation got infected with a trojan.

  5. #5
    Join Date
    Jan 2011
    Posts
    91
    I test this now, i send him the new Root password.
    When in next hours again someone Login as Root i know he is it.
    Its very good that i get emails everytime when someone Login.
    He has only 1-2 times as root, when he has more time damn.
    But i swear it was an nice shock hahaha

  6. #6
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,799
    Wait, you're testing this by giving your friend the new root login? Why not ask your friend to scan his workstation?

  7. #7
    Join Date
    Jan 2011
    Posts
    91
    An Virus Scan he has made but its say nothing. It gives for some $ Tools to make an Trojan undetected from Virus Scan.
    But i think when it was an trojan by him, how big is the chance that the ip that login is from my city?
    And i know i has set Updates from Cpanel to automatic, and this was Disable now.

Similar Threads

  1. E-mail Alert on Root SSH Login
    By crazyaboutlinux in forum Hosting Security and Technology
    Replies: 12
    Last Post: 06-20-2009, 09:17 PM
  2. how to automatically send email when someon login server via ROOT?
    By getwebhosting in forum Hosting Security and Technology
    Replies: 10
    Last Post: 06-09-2009, 04:58 PM
  3. send mail SMPT login problem
    By spidgeon in forum Hosting Security and Technology
    Replies: 3
    Last Post: 07-21-2004, 11:39 PM
  4. How to secure email/send mail in cpanel so only internal can send mail?
    By Dann2 in forum Hosting Security and Technology
    Replies: 11
    Last Post: 07-07-2003, 01:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •