cPanel Passwords Suddenly Stopped Working!

[goodbot]

I was humming along doing work on a new installation for hours with no trouble... when suddenly an attempt to open an ftp window into one of my user domains was failing repeatedly... I kept re-entering the credentials but cPanel kept reporting an incorrect password. I went back to my WHM window and attempted to change the user domain password (the WHM session had been up for hours... I last accessed it ~10 minutes earlier), but the gui requested my root P/W... it kept failing... I tried every iteration till I realized that somethings broken.

I have ssh root access (which is getting in via use of an SSH key file with no password). I tried restarting cpanel... didn't change anything... in addition to my usual root PW being unrecognized... all of the many reseller and user domain accounts I set up are also now unrecognized... their PWs are not recognized. It looks as if the PW file that cPanel is using somehow got corrupted.

I also tried a passwd... reset the "root" password to a known value... my OS responded positively/OK to this change... but again cPanel doesn't recognize the newly reset root PW...

So at this point I'm in via SSH (cli) to the systems root account...

Any recommendations as to where I should look for signs of this odd/sudden surprise PW problem here?

 

[cPanelMichael]

Hello

Is it possible the accounts are locked out by cPhulk brute force detection? If so, you could disable it with commands such as:

for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done
/usr/local/cpanel/bin/cphulk_pam_ctl --disable

Thank you.

 

[goodbot]

Michael/cPanel:

Thanks for this heads-up. Tech support (Philip Stark) simultaneously helped me to the same conclusion.

In doing my initial cPanel environment setup I figured I was a super smart guy and set the cpHulk parameters way stricter than the cPanel defaults ("I'm smarter than THOSE guys!")... and forgot to whitelist my own home IP where I'm working from. After setting up a few dozen domain accounts, I started getting sloppy remembering these accounts' PWs during my ftp/burn-in tests... I guess I eventually failed 5 of these within my new strict time limit... then I was subjected to my own new bitter medicine - a strict 6 hour login timeout... great right!?! Ha-ha!

I'm curious about your little script... why are you looping testing for a running cphulkd process? Is it possible to have more than one instance of this same daemon running simultaneously?

I'm also curious about how/when the cphulkd learns about new/changed config values... When I add or change any cphulk values from the WHM gui... on saving my edits (and exiting the page), is the gui restarting the cphulkd to get it to read the new config values?

I experienced the further embarrassment of cluelessly running with the cphulkd DOWN for many hours before I realized my oversight...

To fix my no-login-access problem as reported, I simply needed to shutdown the cphulkd via my (maintained) ssh-key (no PW) root ssh access... that worked great and got me back in... I quickly went to the cpHulk setup pages in WHM and put my home IP on the white-list... Sure enough... I afterwards failed many more of my domain login attempts and I never got restricted out... I was feeling great for many hours... until I got a break away from my PC and had a chance to think a bit differently....

Hmmm... did I ever manually restart that cphulkd?

I hadn't (and the WHM gui didn't miraculously in-the-background restart it for me either)... But now I have. Fortunately for me (root), it still looks like cphulkd isn't running (with all these sloppy PW mistakes I keep making) but it is... Thank goodness for that!

Thanks again for your attention & help!

 

[cPanelMichael]

The script is looking for any existing cphulk processes or processes that may have hung. It's typically ran via console when SSH access is not possible. Yes, the changes are preserved and cPHulkd is restarted when making changes through the UI. You can restart it manually via:

/usr/local/cpanel/scripts/restartsrv_cphulkd

Thank you.