The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Access denied "GET /xml-api/listaccts"

Discussion in 'General Discussion' started by kernow, Sep 29, 2013.

  1. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    One of our servers in our cluster is suddenly reporting login attempt errors from one of our servers:
    The cluster is set up only for DNS so what script would be requesting login for list accounts / reseller stats?
    (its odd that access would be denied anyway as the DNS cluster is working OK)
     
    #1 kernow, Sep 29, 2013
    Last edited: Sep 29, 2013
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Do you have cPHulk brute force detection enabled on the DNS-Only machine? If so, check to see if the hosting server has been locked out by cPhulkd.

    Thank you.
     
  3. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hi,
    Sorry, I didn't explain properly, there is no DNS only machine, I mean't that the cluster is only for syncing DNS records between servers, as we understand it there is no other purpose for the cluster is there?. The cluster is working OK. No, we don't use cPHulk.
    The errors are coming from CSF log and the server attempting login isn't locked out despite the connection refused message. What I don't understand is what script on the server would request info on resellerstats on a remote server?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Do you have any third-party applications (e.g. billing) on the cPanel server that is making the connection which could be requesting the account list or to view reseller statistics?

    Thank you.
     
  5. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hi,
    Thanks for the suggestion, yes it turned out to be WHMCS cron job. Haven't figured out why it gets connection refused yet, but we know where to look now. Thanks.
     
Loading...

Share This Page