The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Duplicate logaccess Error

Discussion in 'Security' started by nootkan, May 6, 2014.

  1. nootkan

    nootkan Well-Known Member

    Joined:
    Oct 25, 2006
    Messages:
    129
    Likes Received:
    2
    Trophy Points:
    18
    I am seeing this in my logs twice a day and was wondering if someone a little more experienced could shed some light on what it means and if I should be worried?

    /usr/local/cpanel/logs/error_log:
    Duplicate logaccess: at cpsrvd-ssl line 2899
    main::servcontent('./robots.txt', 'text/plain', 1, 0, 1, 1, 0) called at cpsrvd-ssl line 4824
    main::handle_unprotected_docs() called at cpsrvd-ssl line 1096
    main::handle_one_connection() called at cpsrvd-ssl line 996
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    I checked with a cPanel dev, and the issue is basically with the way cPanel is forking a duplicate process where the socket for cPanel's internal web server is already hope. This may be annoying, but it shouldn't actually cause an issue for you. I've reported it to cPanel.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to let us know the specific action that you are taking when this entry appears and we can ensure a case is opened for it.

    Thank you.
     
  4. nootkan

    nootkan Well-Known Member

    Joined:
    Oct 25, 2006
    Messages:
    129
    Likes Received:
    2
    Trophy Points:
    18
    I wish I knew. The time stamps are for late in the evening when I am a sleep and early in the morning before I awake.
     
  5. nootkan

    nootkan Well-Known Member

    Joined:
    Oct 25, 2006
    Messages:
    129
    Likes Received:
    2
    Trophy Points:
    18
    So no resolution for this yet? Am I the only one seeing these warnings? Surely not.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket so we can take a closer look and attempt to reproduce the issue you have reported. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  7. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    I do see the error as well, however, at this point I've been assured that it should not actually be causing a problem. Do open your own ticket though as cPanelMichael suggested.
     
  8. nootkan

    nootkan Well-Known Member

    Joined:
    Oct 25, 2006
    Messages:
    129
    Likes Received:
    2
    Trophy Points:
    18
    When I get a chance I will open a ticket. And even though it may not be causing a problem it is a pain to keep getting the emails along with the hundreds of others I receive every day. I just seen this after a failed login attempt using squirrelmail:
    Code:
    Duplicate logaccess:  at cpsrvd-ssl line 3000
    	main::badpass('faillog', 'user password incorrect', 'notefailure', 1, 'skiphttpauth', 1, 'preserve_token', 1) called at cpsrvd-ssl line 6082
    	main::docheckpass_webmaild('user', 'xxxxxxxx', 'pass', 'xxxxxxxxx', 'encrypted_pass', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.nsHS4...', 'skiphttpauth', 1, ...) called at cpsrvd-ssl line 5327
    	main::handle_form_login() called at cpsrvd-ssl line 1131
    	main::handle_one_connection() called at cpsrvd-ssl line 996
    Duplicate logaccess:  at cpsrvd-ssl line 3000
    	main::badpass('faillog', 'user password incorrect', 'notefailure', 1, 'skiphttpauth', 1, 'preserve_token', 1) called at cpsrvd-ssl line 6082
    	main::docheckpass_webmaild('user', 'xxxxxx', 'pass', '#xxxxxxx', 'encrypted_pass', 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx.nsHS4...', 'skiphttpauth', 1, ...) called at cpsrvd-ssl line 5327
    	main::handle_form_login() called at cpsrvd-ssl line 1131
    	main::handle_one_connection() called at cpsrvd-ssl line 996
    Kind of scarey that usernames and passwords are sent in my logs. Is this normal?

    Okay opened a ticket:
    4949897
     
    #8 nootkan, May 13, 2014
    Last edited: May 13, 2014
  9. TraderStf

    TraderStf Member

    Joined:
    Feb 27, 2014
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Belgium
    cPanel Access Level:
    Root Administrator
    FYI, I get this case when I am logged at the same time as root in WHM and in Roundcube as a simple user.
    Round cube refuses to connect and says something like IMAP problem.
    Log out from WHM and you can enter in Round Cube !

    A similar problem (but not with all these logs message with visible passwords) is if you try to log in 2 cpanel at the same time, in other words, cpanel of domain/account1 and cpanel of domain/account2.
    But for this one, must check if the problem was not because I was also logged in WHM as root.

    My WHM settings are root, reseller, owner can access cpanel. All my accounts have been created by root, no reseller here.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    To update, in this ticket, the customer's concern about the email was actually related to the email notifications sent from LFD, a third-party application.
     
  11. Hedloff

    Hedloff Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    100
    Likes Received:
    2
    Trophy Points:
    18
    We also see this error all the time in cpanel error_log:

    Code:
    Duplicate logaccess:  at /usr/local/cpanel/Cpanel/Server.pm line 420.
            Cpanel::Server::logaccess(Cpanel::Server=HASH(0x3c4b910)) called at cpsrvd.pl line 3374
            cpanel::cpsrvd::logaccess() called at cpsrvd.pl line 2972
            cpanel::cpsrvd::servcontent("./robots.txt", "text/plain", 1, 0, 1, 1, 0) called at cpsrvd.pl line 4677
            cpanel::cpsrvd::handle_unprotected_docs() called at cpsrvd.pl line 1173
            cpanel::cpsrvd::handle_one_connection() called at cpsrvd.pl line 1068
            cpanel::cpsrvd::script() called at cpsrvd.pl line 432
    But we don't get any email, I just noticed the error when checking on other errors.
    We also use LFD, but is this something that can be fixed?
     
  12. nootkan

    nootkan Well-Known Member

    Joined:
    Oct 25, 2006
    Messages:
    129
    Likes Received:
    2
    Trophy Points:
    18
    Apparently not, the guys over at Lfd tell me that the emails I get are just letting me know of a related issue with cPanel and have nothing to do with their security software. Cpanel says they won't do nothing because it is associated with third party software so I guess we're stuck with the annoyance.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Internal case number 107785 was opened to address an issue where the "Duplicate logaccess" message appeared after failed login attempts, however this was resolved in cPanel version 11.48.1.1. Are you using an older version of cPanel?

    Thank you.
     

Share This Page