I was trying to reply to this thread but forums locked old post -- Viewing Successful Root Login Log
---
Hey @cPanelMichael
I just checked WHM >> cPHulk Brute Force Protection Whitelist Management tab for VPS WHMCS IP and it's already listed. Why am I still getting email alert lfg WHM/cPanel root access alert from the whitelisted IPs? In the Configuration Settings tab I scroll to very bottom, and all three checkboxes are checked.
Am I not understanding something correctly? I do not wish to receive lfd email alert from whitelisted IP root logins. Should I uncheck those email boxes, save and restart lfd and cPHulk services?
I'm not using gmail for email alerts, just the self hosted email account that is hosted on the same WHM/cPanel server.
1. Send a notification upon successful root login when the IP address is not on the whitelist
2. Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock
3. Send a notification when the system detects a brute force user
Thanks for your attention,
p.s. - I SSH grep "root" /usr/local/cpanel/logs/access_log and everything looks just fine... now... to just get rid of LFD email alerts...
---
Hey @cPanelMichael
I just checked WHM >> cPHulk Brute Force Protection Whitelist Management tab for VPS WHMCS IP and it's already listed. Why am I still getting email alert lfg WHM/cPanel root access alert from the whitelisted IPs? In the Configuration Settings tab I scroll to very bottom, and all three checkboxes are checked.
Am I not understanding something correctly? I do not wish to receive lfd email alert from whitelisted IP root logins. Should I uncheck those email boxes, save and restart lfd and cPHulk services?
I'm not using gmail for email alerts, just the self hosted email account that is hosted on the same WHM/cPanel server.
1. Send a notification upon successful root login when the IP address is not on the whitelist
2. Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock
3. Send a notification when the system detects a brute force user
Thanks for your attention,
p.s. - I SSH grep "root" /usr/local/cpanel/logs/access_log and everything looks just fine... now... to just get rid of LFD email alerts...