One of my users is having trouble logging into cPanel. His IP had been flagged by CSF and banned via iptables, and I fixed that with 'csf -a $IP'. I have confirmed that his IP is now accepted by iptables and he is able to interact wwith the server. Ever since then, however, he has had to perform a password reset to get in. Once he has reset his password, he can log in. If he logs out or closes his browser, his new password won't work and he'll have to do another password reset to get back in. How can I fix this, or where can I start troubleshooting this?
NixTree
Well-Known Member
Hello,
Did you check cphulkd? If you have CSF installed and properly configured, you may disbale cphulkd! If you would like to have it enabled still, check the client IP against cphulkd block or flush the DB ( you can do these via WHM ) . Otherwise disabling cphuld will fix the issue, if it's causing the error here!
Thank you,
Nibin.
Did you check cphulkd? If you have CSF installed and properly configured, you may disbale cphulkd! If you would like to have it enabled still, check the client IP against cphulkd block or flush the DB ( you can do these via WHM ) . Otherwise disabling cphuld will fix the issue, if it's causing the error here!
Thank you,
Nibin.
Thanks, I did check the cphulkd database. There were no entries in 'brutes' or 'logins'. Is this what you mean?
Hi,
If you are familiar with SSH, you may use the below specified commands to trouble -shoot the brute-force issue, once logged in as root.
mysql
use cphulkd;
show tables;
select * from blacklists;
(if the mentioned IP is listed there, you may remove it)
delete from blacklists where IP (give the corresponding field name)=xx.xx.xx.xx;
If the IP is listed in the 'logins' table, you may remove it, if the issue still persists.
If you are familiar with SSH, you may use the below specified commands to trouble -shoot the brute-force issue, once logged in as root.
mysql
use cphulkd;
show tables;
select * from blacklists;
(if the mentioned IP is listed there, you may remove it)
delete from blacklists where IP (give the corresponding field name)=xx.xx.xx.xx;
If the IP is listed in the 'logins' table, you may remove it, if the issue still persists.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| R | Cannot change password of new shell user | Security | 1 | |
| N | Cannot add root to Wheel Group Users | Security | 3 | |
| D | users cannot change the password account | Security | 3 | |
| V | Cannot login, wrong username or password | Security | 1 | |
| I | User cannot change a password (piece from log inside) | Security | 1 |