ConfigServer Community Forum

Hi,

Is there a way to track all WHM/cPanel/FTP logins and not just the failed ones? What we would love to see is the name of the country the person successfully logged in from in an email. Some of our clients are a bit careless when it comes to creating strong passwords.

We understand that many of the servers that support hackers are in the US but many of them are not. We do not have many clients outside of the USA so being able to see someone login to cPanel/FTP from Russia, Japan, Spain, China, etc would give us a shorter reaction time to change the passwords and notify the client of the intrusion.

Barring that maybe someone can show us how to check more than one IP address in say a text file and filter it by country and domain name? We could maybe try to use an AWK command to cut our way through the secure / cpanel / ftp logs and pipe the output into a php script or something.

Enjoying the security that your tools provide and we appreciate your efforts!

Deborah Smith
Server and Technical Support
San Francisco Host
A company is known by the people it keeps!

I'll see if I can add an efficient GeoIP lookup option. The key, though, is that it needs to be quick so that it doesn't hog resources.

Thank you!

I did see something new that might be what you added in today's update:

"Added Country Code lookups for IP addresses. Any reported IP addresses will include the international CC where available. It should be noted that with international ISPs this may not be wholly accurate. Where possible the CC will be translated into the associated country name"

When / what report will this show up and are there options for it?

TY for listening! This is great news!

Deborah

They show in the lfd email reports.