Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Site has been hacked???

[gandolf]

Hello, in awstats under "Authenticated users (Top 10)" their is a name and he has visited on the 23rd and 27th. Normally its just empty under their and i dont know what this name is its not a login name i have ever used. It says only 1 hit for each of the 2 days this person has logged in.
What does this mean? Someone has access to my cpanel? Or something else?
I dont know that much so i appreciate help! Also what i can do to check and fix etc. Thankyou

[unable2stay]

Quote:

Originally Posted by gandolf

Hello, in awstats under "Authenticated users (Top 10)" their is a name and he has visited on the 23rd and 27th. Normally its just empty under their and i dont know what this name is its not a login name i have ever used. It says only 1 hit for each of the 2 days this person has logged in.
What does this mean? Someone has access to my cpanel? Or something else?
I dont know that much so i appreciate help! Also what i can do to check and fix etc. Thankyou

I honestly have no idea what you're talking about. Can you paste the information you are talking about please and start again with more description?

[illuminat1]

It could be the server administrator login- if it's a standard whm/cpanel setup, then the person above you (the one with the WHM password) can login to your cpanel using that login name.

[gandolf]

Quote:

I honestly have no idea what you're talking about. Can you paste the information you are talking about please and start again with more description?

In awstats, where you check your traffic stats it has the Authenticated users log. It shows login from 2 dates which shouldnt have log in. The username is not one of which i use and also is a suspicious sounding username. So basically someone is logging in who shouldnt. I dont understand much about this so im asking people what is it they are logging in to and how can i stop.

Quote:

It could be the server administrator login- if it's a standard whm/cpanel setup, then the person above you (the one with the WHM password) can login to your cpanel using that login name.

No, i own the server so nobody else can login to my account unless by hacking.
Anyone know more about this? Thankyou

[gandolf]

Does nobody know what i mean? Lots of people view but noone can help? Someone please. Thakyu

[sonjay]

I've had a couple similar mysterious logins showing up in awstats. I found the entries in the site's access log -- it only shows GET requests for the home page. I can't figure out where this "authenticated login" in awstats is coming from, where or how the person "authenticated" or any pages that they visited other than the home page.

[Scott.Mc]

These are logins from passworded protected directorys.

Not from your cPanel, if you have a passworded protected directory then this is why, otherwise if someone uses http://*:*@www.x.com it will show under the anon part.

[sonjay]

The site in question only has one password-protected directory, and it has no users by those names. I've checked the .htpasswd file, and it's intact. So how in heck did these people log in?

[brianoz]

You haven't given enough information and your English is very hard to understand!

From what you're saying, it could be that your awstats has been compromised. 2 logins isnt very much though.