How can you confirm successful logins by ROOT? It is simple as using the “last” utility from the root.
grep "root" /usr/local/cpanel/logs/access_log
Using the command above will be very helpful to see if an account may have been compromised and at what time. Do you travel frequently? For a instant email report, navigate to WHM Home >> Security Center >> cPHulk Brute Force Protection and choose to send a notification upon successful root login when the IP address is not on the whitelist option then save. If someone does guess the credentials, you will be notified so that you can try to take action.
The following two tabs change content below.
Technology Support Specialist at Sipylus
About The Author: Stephan Pringle is an Information Technology Support Specialist. He covers hardware and software and provides tips for you to troubleshoot and repair issues on your own. In his spare time, he writes articles about the State of New York on his Hackintosh and HackBook and that has helped him to become the top contributor of the New York City section of Yahoo! Answers.
Latest posts by Stephan Pringle (see all)
- HP Color LaserJet Pro MFP M477fdw - Friday, April 14, 2023