The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

login incorrect

Discussion in 'Security' started by sniperscope, Jul 23, 2011.

  1. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Hi
    I cannot login to my server neither console nor ssh.

    On console login screen says "login incorrect" even if i type very true username and password. I boot up with single mode and changed root password it is still same problem.

    SSH login always return session timed out.

    When i change my ip address i can see WHM login screen but WHM block my ip address for "brute force suspicious" even at first login attempt. So far i changed my ip address 6 times and everytime WHM put my ip address into black list.

    Even my customer cannot log in to their cPanel account because WHM put them black list as well.
    Last time it happen to me same thing and re-install centOS and WHM in that time. But this time is different because there is customer in the server.

    So far, i request help from centOS forum they said "This is WHM problem". I request configServer forum(who create CSF) they don't even answer.

    What can i do? besides formatting...

    Does it solve my problem boot up server with interactive menu and disable CSF and Iptables.

    How about disable cPanel completely during boot up.

    I need serious help.

    Regards
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This might be way off base, but I suggest you do a complete scan on your computer for problems. I have seen this happen several times this year alone where a user is blocked by my security due to malware on the users computer. One had 4 computers in his home, networked, and tried them all and kept being blocked. His actions tripped modsec, CSF stopped him. All PCs in his home were infected.

    You might want to contact cPanel Support on this, give them root login details and see how they make out logging in.


    In all my years using cPanel I have never had to do either of these steps you have here. Seems a bit overkill for this sort of problem. Stop, and ask for help from the wonderful cPanel Support Team.

    If it can be fixed, they are the ones who can do it.

    Good luck with this.
     
  3. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please do post back your ticket number so that I can follow this one.

    As for how good cPanel is, you and I agree 100%.

    I like the company and software so much I went to work for them. [​IMG] :p
     
  5. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Dear Infopro

    Here is my Ticket number #1763986

    Thank you for your help. I really appreciate.
     
  6. DiverGuy

    DiverGuy Member
    PartnerNOC

    Joined:
    Apr 14, 2006
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1

    By any chance are you using blf (blowfish) encryption for your passwords?

    It appears that the 11.30 update to CPanel breaks blf encryption and forces you to revert to md5

    This just happened to me yesterday/today when I updated.
     
  7. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    what is that blf(blowfish) mean?
    And yes, i am using 11.30
    Any suggestion to clean up this mess?

    I am a web developer but i am using window$ for very long time. And this is first time in my life i am touching some OS besides Win.

    Therefore, absolutely i have no idea what is blowfish means. how to enable or disable it. where is it?
     
  8. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Dear InfoPro
    Here is what i got from Paul.

    Hello, thank you for contacting cPanel.

    CSF is a third party product was we cannot support nor uninstall. Without shell access we can't even point you in the right direction. My suggestion would be to see if the ConfigServer website has a support forum you can post on to see if you can find assistance there.

    Regards,

    --
    Paul Trost
    Technical Analyst
    cPanel, Inc.
     
  9. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Dear infoPro
    Here is what i did.
    I reboot machine and boot with interactive mod.
    So i disabled CSF, ip6tables, iptables, LDF and cPanel so i was able to login boot from console and ssh. I uninstalled CSF and reboot normally(with cPanel available).
    But still i am having problem "login incorrect" through console and "Access denied" through SSH.

    Any suggestion?

    I guess still having problem because of iptables or some blocked ip from whm.
     
  10. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    I did it.
    Damn it i did it....... finally i logged into whm.
    I am going to explain how could i do that. But i need to sleep first it 6 am here and i didn't sleep more than 50 hours for trying to clean up this damn thing.
     
  11. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Okay here is how i solved this problem.
    I reboot server and boot up with Interactive login.
    I checked every single process for loading and i disabled CSF, LFD and cPanel
    then i was able to login SSH.

    I remove CSF completely.
    Then used a proxy site(because All my ip addresses was blocked already) to login WHM.
    After logged in then i add all my ip xxx.xxx.0.0/16 to safe list then saved and logged out whm.

    *** IMPORTANT ***
    Soon you have to login into WHM with your normal IP address and change Root password (For security issue)

    Hope this help someones days.

    Cheers.

    Note: However i cannot able to login Console(i can via SSH anyway. I guess this problem also relative with IP address)
     
  12. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Do you have WHM > cPHulk Brute Force Protection enabled? It might be what was locking you out if the machine for root user login was getting brute force attempts. I'm basing this on your first post where you mentioned you kept getting in WHM login tries "brute force suspicious" returns. Once you were in WHM, you could disable cPHulk on the machine if it was the cause.

    You can also check the cPHulk logs in root SSH once you have access to check if it was blocking your IP previously for login attempts:

    Code:
    grep IP# /usr/local/cpanel/logs/cphulkd.log
    Please replace IP# with the IP number you were using when you kept getting blocked.
     
  13. sniperscope

    sniperscope Well-Known Member

    Joined:
    Apr 5, 2011
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    osaka/ japan
    cPanel Access Level:
    Website Owner
    Dear Tristan
    As you suggested i run that command and here is the result. You were right. cphulk block me.

    Sat Jul 23 04:51:21 2011 [info] Connection service=system ip=xxx.yyy.zzz.000 port =2087 user=root blocked by cphulkd (Too many failures for this username numfailed=20 max=3)
    Sat Jul 23 04:52:09 2011 [info] Connection service=system ip=xxx.yyy.zzz.000 port =2087 user=root blocked by cphulkd (Too many failures for this username numfailed=21 max=3)
     
  14. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    In WHM > Security Center > cPHulk Brute Force Protection, White/Black List Management, add your IP to the White List.
     
Loading...

Share This Page