Duplicate logaccess Error

nootkan

Well-Known Member
Oct 25, 2006
163
11
168
I am seeing this in my logs twice a day and was wondering if someone a little more experienced could shed some light on what it means and if I should be worried?

/usr/local/cpanel/logs/error_log:
Duplicate logaccess: at cpsrvd-ssl line 2899
main::servcontent('./robots.txt', 'text/plain', 1, 0, 1, 1, 0) called at cpsrvd-ssl line 4824
main::handle_unprotected_docs() called at cpsrvd-ssl line 1096
main::handle_one_connection() called at cpsrvd-ssl line 996
 

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
I checked with a cPanel dev, and the issue is basically with the way cPanel is forking a duplicate process where the socket for cPanel's internal web server is already hope. This may be annoying, but it shouldn't actually cause an issue for you. I've reported it to cPanel.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
I am seeing this in my logs twice a day and was wondering if someone a little more experienced could shed some light on what it means and if I should be worried?
Feel free to let us know the specific action that you are taking when this entry appears and we can ensure a case is opened for it.

Thank you.
 

nootkan

Well-Known Member
Oct 25, 2006
163
11
168
I wish I knew. The time stamps are for late in the evening when I am a sleep and early in the morning before I awake.
 

nootkan

Well-Known Member
Oct 25, 2006
163
11
168
I checked with a cPanel dev, and the issue is basically with the way cPanel is forking a duplicate process where the socket for cPanel's internal web server is already hope. This may be annoying, but it shouldn't actually cause an issue for you. I've reported it to cPanel.
So no resolution for this yet? Am I the only one seeing these warnings? Surely not.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Feel free to open a support ticket so we can take a closer look and attempt to reproduce the issue you have reported. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

nootkan

Well-Known Member
Oct 25, 2006
163
11
168
When I get a chance I will open a ticket. And even though it may not be causing a problem it is a pain to keep getting the emails along with the hundreds of others I receive every day. I just seen this after a failed login attempt using squirrelmail:
Code:
Duplicate logaccess:  at cpsrvd-ssl line 3000
	main::badpass('faillog', 'user password incorrect', 'notefailure', 1, 'skiphttpauth', 1, 'preserve_token', 1) called at cpsrvd-ssl line 6082
	main::docheckpass_webmaild('user', 'xxxxxxxx', 'pass', 'xxxxxxxxx', 'encrypted_pass', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.nsHS4...', 'skiphttpauth', 1, ...) called at cpsrvd-ssl line 5327
	main::handle_form_login() called at cpsrvd-ssl line 1131
	main::handle_one_connection() called at cpsrvd-ssl line 996
Duplicate logaccess:  at cpsrvd-ssl line 3000
	main::badpass('faillog', 'user password incorrect', 'notefailure', 1, 'skiphttpauth', 1, 'preserve_token', 1) called at cpsrvd-ssl line 6082
	main::docheckpass_webmaild('user', 'xxxxxx', 'pass', '#xxxxxxx', 'encrypted_pass', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx.nsHS4...', 'skiphttpauth', 1, ...) called at cpsrvd-ssl line 5327
	main::handle_form_login() called at cpsrvd-ssl line 1131
	main::handle_one_connection() called at cpsrvd-ssl line 996
Kind of scarey that usernames and passwords are sent in my logs. Is this normal?

Okay opened a ticket:
4949897
 
Last edited:

TraderStf

Member
Feb 27, 2014
11
0
1
Belgium
cPanel Access Level
Root Administrator
FYI, I get this case when I am logged at the same time as root in WHM and in Roundcube as a simple user.
Round cube refuses to connect and says something like IMAP problem.
Log out from WHM and you can enter in Round Cube !

A similar problem (but not with all these logs message with visible passwords) is if you try to log in 2 cpanel at the same time, in other words, cpanel of domain/account1 and cpanel of domain/account2.
But for this one, must check if the problem was not because I was also logged in WHM as root.

My WHM settings are root, reseller, owner can access cpanel. All my accounts have been created by root, no reseller here.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Okay opened a ticket: 4949897
To update, in this ticket, the customer's concern about the email was actually related to the email notifications sent from LFD, a third-party application.
 

Hedloff

Well-Known Member
Jun 7, 2004
185
11
168
Up north!
cPanel Access Level
DataCenter Provider
We also see this error all the time in cpanel error_log:

Code:
Duplicate logaccess:  at /usr/local/cpanel/Cpanel/Server.pm line 420.
        Cpanel::Server::logaccess(Cpanel::Server=HASH(0x3c4b910)) called at cpsrvd.pl line 3374
        cpanel::cpsrvd::logaccess() called at cpsrvd.pl line 2972
        cpanel::cpsrvd::servcontent("./robots.txt", "text/plain", 1, 0, 1, 1, 0) called at cpsrvd.pl line 4677
        cpanel::cpsrvd::handle_unprotected_docs() called at cpsrvd.pl line 1173
        cpanel::cpsrvd::handle_one_connection() called at cpsrvd.pl line 1068
        cpanel::cpsrvd::script() called at cpsrvd.pl line 432
But we don't get any email, I just noticed the error when checking on other errors.
We also use LFD, but is this something that can be fixed?
 

nootkan

Well-Known Member
Oct 25, 2006
163
11
168
Apparently not, the guys over at Lfd tell me that the emails I get are just letting me know of a related issue with cPanel and have nothing to do with their security software. Cpanel says they won't do nothing because it is associated with third party software so I guess we're stuck with the annoyance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Hello,

Internal case number 107785 was opened to address an issue where the "Duplicate logaccess" message appeared after failed login attempts, however this was resolved in cPanel version 11.48.1.1. Are you using an older version of cPanel?

Thank you.