The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Annoying Email Alerts: Root Login from Local Machine

Discussion in 'Security' started by RedNinja, Jan 30, 2014.

  1. RedNinja

    RedNinja Member

    Sep 30, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I keep getting text alerts that say this: "Root was logged into whostmgrd using following authentication service: system". It doesn't provide an IP address, it just says "Local Machine", so the email is automatically useless to me. What is more, it is always us logging in. Of course we've already restricted access to whostmgrd by IP address, but it doesn't seem to check that list before sending out an alert, or it's possible that it does check it, but since the "Local Machine" isn't on that list, it sends out an alert.

    Why this is a problem: Everyone on the list is getting repeated messages in the middle of the night as often as every 15 minutes depending on the activity.

    I'd like for these alerts to a) send the actual IP address of the person logging into whm as root, and b) only send it when the IP address isn't on the host access list for this service. Barring that, I'd like a way to shut them off entirely short of removing all names from the contact manager, but there doesn't seem to be a way to do that.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    This notification comes from the following option in "WHM Home » Security Center » cPHulk Brute Force Protection":

    "Send a notification upon successful root login when the IP is not whitelisted"

    Are your IP addresses whitelisted in cPhulk brute force detection? Do you have any local scripts installed on the server that utilize root access?

    Thank you.

Share This Page