cPanel sent me a mail that someone logged in as root, it was not me!
I get an email from my cPanel server every time someone logs in as root in WHM and SSH.
Today I got a mail that someone logged in as root, but I didn't log in today.
So after the first shock I logged in to WHM and changed the root password, and afterwards I did a reboot.
Then I logged in via SSH and changed the root password again.
Then I looked in WHM at what he had done; the only thing I found was that the Automatic Updates were disabled.
Then I went in with SSH and ran rkhunter, chkrootkit and ClamAV scans.
All 3 found nothing.
So my question is how he got into my WHM, because IDF checks all brute force and this login was from a standard internet IP from Germany.
I know it was not a brute force;
what I think is the following:
a trojan on my PC or my WLAN.
I use Ubuntu, so a trojan is not really an option; I have checked my WLAN, and nobody was in it this year.
Damn, how did he get into my WHM???
Does anybody know how this was possible?
No, not managed, otherwise I would have asked the manager first.
I use Ubuntu only to manage my servers.
Hmmm, I gave a friend the root login a long time ago, and I know he is using Windows, but I know his IP is never a German one.
I am testing this now; I sent him the new root password.
If someone logs in as root again in the next hours, I know it is him.
It's very good that I get emails every time someone logs in.
He was only in 1-2 times as root; if he had had more time, damn.
But I swear it was a nice shock, hahaha.
He has run a virus scan but it says nothing. There are tools for a few $ that make a trojan undetected by virus scans.
But I think if it was a trojan on his side, how big is the chance that the IP that logged in is from my city?
And I know I had set the cPanel updates to automatic, and this was disabled now.