Rise Company
20-03-2022, 23:51
السي بانيل Cpanel | تتبع اللوج track cpanel users navigations and actions
How to interpret cPanel and WHM access logs
How can I track cpanel users navigations and actions
How to track who have login to my cpanel
Best method to track down offending ip address?
Help tracking down a hacker .. where to view Cpanel login IP's?
https://www.rise.company/upload/uploads/16478128308111.png
هذه الخاصية داخل فايروول csf تسمح لك مشاهدة ملف log access الذى تم على اى user لديك
وبسهولة يمكنك البحث بداخله عن اى شىء او دخول تم من خلال اى بى محدد
وهيكون بداخله اما GET او POST للاكشن التفصيلي الذى يتم
Any action made in the cPanel or WHM interfaces is traced in
/usr/local/cpanel/logs/access_log
Some generic data can be found within the cPanel access log. Using the following technique can help you become familiar with
what kinds of actions are associated with the logs that you find in the /usr/local/cpanel/logs/access_log .
على سبيل المثال تريدد تتبع الدخول على webmail ماذا حدث بداخله
you'll need to decide what kind of information you would like to know. For example,
you could decide to monitor logs related to logging into webmail.
هتجد داخل اللوج مثل هذا
10.1.1.1 - testemail%40cptest.tld [09/15/2020:15:03:07 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "https://10.1.1.1:2096/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36" "-" "-" 2096
You'll notice that the log has a "POST /login/?login" on port "2096" for the [email protected] user.
Looking for that in the access_log would be a good indicator that a user used that exact method to login to webmail.
There are other methods of logging into webmail, so looking for this kind of access log will only reveal logins for that specific login method.
For example, logging into webmail via the "Check Mail" button in the cPanel interface does not post to the /login url.
It is not possible to fully audit all user actions through the access log because the actions taken are often very generic.
يمكنك ايضا مراقبة ملف /var/log/messages لمعرفة رسائل الحظر الى تمت
https://www.rise.company/upload/uploads/164781380827231.png
ايضا
Here are some log files you may find useful:
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/login_log
المرجع:
https://support.cpanel.net/hc/en-us/articles/360055291133-How-to-interpret-cPanel-and-WHM-access-logs
https://forums.cpanel.net/threads/how-can-i-track-cpanel-users-navigations-and-actions.678721/
https://forums.cpanel.net/threads/how-to-track-who-have-login-to-my-cpanel.443872/
https://forums.cpanel.net/threads/help-tracking-down-a-hacker-where-to-view-cpanel-login-ips.69386/
How to interpret cPanel and WHM access logs
How can I track cpanel users navigations and actions
How to track who have login to my cpanel
Best method to track down offending ip address?
Help tracking down a hacker .. where to view Cpanel login IP's?
https://www.rise.company/upload/uploads/16478128308111.png
هذه الخاصية داخل فايروول csf تسمح لك مشاهدة ملف log access الذى تم على اى user لديك
وبسهولة يمكنك البحث بداخله عن اى شىء او دخول تم من خلال اى بى محدد
وهيكون بداخله اما GET او POST للاكشن التفصيلي الذى يتم
Any action made in the cPanel or WHM interfaces is traced in
/usr/local/cpanel/logs/access_log
Some generic data can be found within the cPanel access log. Using the following technique can help you become familiar with
what kinds of actions are associated with the logs that you find in the /usr/local/cpanel/logs/access_log .
على سبيل المثال تريدد تتبع الدخول على webmail ماذا حدث بداخله
you'll need to decide what kind of information you would like to know. For example,
you could decide to monitor logs related to logging into webmail.
هتجد داخل اللوج مثل هذا
10.1.1.1 - testemail%40cptest.tld [09/15/2020:15:03:07 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "https://10.1.1.1:2096/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36" "-" "-" 2096
You'll notice that the log has a "POST /login/?login" on port "2096" for the [email protected] user.
Looking for that in the access_log would be a good indicator that a user used that exact method to login to webmail.
There are other methods of logging into webmail, so looking for this kind of access log will only reveal logins for that specific login method.
For example, logging into webmail via the "Check Mail" button in the cPanel interface does not post to the /login url.
It is not possible to fully audit all user actions through the access log because the actions taken are often very generic.
يمكنك ايضا مراقبة ملف /var/log/messages لمعرفة رسائل الحظر الى تمت
https://www.rise.company/upload/uploads/164781380827231.png
ايضا
Here are some log files you may find useful:
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/login_log
المرجع:
https://support.cpanel.net/hc/en-us/articles/360055291133-How-to-interpret-cPanel-and-WHM-access-logs
https://forums.cpanel.net/threads/how-can-i-track-cpanel-users-navigations-and-actions.678721/
https://forums.cpanel.net/threads/how-to-track-who-have-login-to-my-cpanel.443872/
https://forums.cpanel.net/threads/help-tracking-down-a-hacker-where-to-view-cpanel-login-ips.69386/