Annoying Email Alerts: Root Login from Local Machine


Sep 30, 2011
cPanel Access Level
Root Administrator
I keep getting text alerts that say this: "Root was logged into whostmgrd using following authentication service: system". It doesn't provide an IP address, it just says "Local Machine", so the email is automatically useless to me. What is more, it is always us logging in. Of course we've already restricted access to whostmgrd by IP address, but it doesn't seem to check that list before sending out an alert, or it's possible that it does check it, but since the "Local Machine" isn't on that list, it sends out an alert.

Why this is a problem: Everyone on the list is getting repeated messages in the middle of the night as often as every 15 minutes depending on the activity.

I'd like for these alerts to a) send the actual IP address of the person logging into whm as root, and b) only send it when the IP address isn't on the host access list for this service. Barring that, I'd like a way to shut them off entirely short of removing all names from the contact manager, but there doesn't seem to be a way to do that.


Staff member
Apr 11, 2011
Hello :)

This notification comes from the following option in "WHM Home » Security Center » cPHulk Brute Force Protection":

"Send a notification upon successful root login when the IP is not whitelisted"

Are your IP addresses whitelisted in cPhulk brute force detection? Do you have any local scripts installed on the server that utilize root access?

Thank you.