Access denied "GET /xml-api/listaccts"

[kernow]

One of our servers in our cluster is suddenly reporting login attempt errors from one of our servers:

GET /xml-api/listaccts HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect
GET /xml-api/showbw HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect
GET /xml-api/resellerstats?reseller=name HTTP/1.1" FAILED LOGIN whostmgrd: user password

The cluster is set up only for DNS so what script would be requesting login for list accounts / reseller stats?
(its odd that access would be denied anyway as the DNS cluster is working OK)

 

[cPanelMichael]

Hello

Do you have cPHulk brute force detection enabled on the DNS-Only machine? If so, check to see if the hosting server has been locked out by cPhulkd.

Thank you.

 

[kernow]

Hi,
Sorry, I didn't explain properly, there is no DNS only machine, I mean't that the cluster is only for syncing DNS records between servers, as we understand it there is no other purpose for the cluster is there?. The cluster is working OK. No, we don't use cPHulk.
The errors are coming from CSF log and the server attempting login isn't locked out despite the connection refused message. What I don't understand is what script on the server would request info on resellerstats on a remote server?

 

[cPanelMichael]

Do you have any third-party applications (e.g. billing) on the cPanel server that is making the connection which could be requesting the account list or to view reseller statistics?

Thank you.

 

[kernow]

Do you have any third-party applications (e.g. billing) on the cPanel server that is making the connection which could be requesting the account list or to view reseller statistics?

Thank you.

Hi,
Thanks for the suggestion, yes it turned out to be WHMCS cron job. Haven't figured out why it gets connection refused yet, but we know where to look now. Thanks.