SOLVED Cryptic cpanel error message has_cpuser_file failed

jeffschips

Well-Known Member
Jun 5, 2016
221
23
68
new york
cPanel Access Level
Root Administrator
I can't tell if this log entry is generated by csf/lfd or cpanel since csf actually reads cpanel logs and the log snippet is the cryptic message, I'm at a loss.

Here is the message sent via csf but referencing (I believe) a cpanel log:

[2019-12-17 19:24:26 -0500] info [cpaneld] xxx.xxx.xxx.xxx - badpasswd "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user badpasswd (has_cpuser_file failed)

I know this references the fact that someone was attemtping to login with a bad password - that part is clear enough.
But the message "has_cpuser_file failed" . . . what does "has_cpuser_file failed" mean?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
Hello,

This is actually read from /usr/local/cpanel/logs/login_log it's a POST request indicating that someone attempted to login as the user badpasswd. For example here is output from my server for a non-existent user:

Code:
/usr/local/cpanel/logs/login_log:[2019-06-23 04:25:59 -0500] info [cpaneld] <IPREMOVED> - adssadadsa "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user adssadadsa (has_cpuser_file failed)
The has_cpuser_file is part of a Perl Module - /usr/local/cpanel/Cpanel/Config/HasCpUserFile.pm which determines if the user input as the login has a cpanel user file associated with it or not. In this instance, the result has_cpuser_file = false because the user badpasswd doesn't exist.