Login to whm redirects to undefined

[Jaan Raadik]

Hi,

I'm experiencing an issue where sometimes logging in will redirect me to /undefined/undefined

For example, login page domain.com:2087 will redirect to domain.com:2087/undefined/undefined, which will display a login page again, even though the login was reported as successful.

I don't believe it could be my ip trying too many times, as it happens when I haven't logged in for days at a time, however I have had a few emails sent reporting brutr force attempts against my username. Is there anything you guys can suggest might be the issue here? It happens for some customers logging into webmail also.

Hope someone can help!
Thanks in advance.

 

[24x7server]

Hello,

Have you tried to update cPanel on your server ? Please try to update it and check this

/scripts/upcp –force

 

[cPanelMichael]

Hello

Have you been able to reproduce this issue across multiple browsers on multiple workstations? Do you notice any error messages in /usr/local/cpanel/logs/login_log when this occurs?

Thank you.

 

[Jaan Raadik]

Hi guys, thanks for the replies. Whilst I can't confirm it I believe this was happening when my account had been locked out, since I changed the SSH port that the brute force attempts were against using my account, the problems disappeared. It did occur across all devices I tried to access with, from a variety of IPs, but I would assume my account was simply being locked out. Thanks for your help!

 

[cPanelMichael]

Hello

Do you see any errors in /usr/local/cpanel/logs/login_log at the time this occurred? cPHulk should not redirect you to an undefined web page. It should simply state "Login Failed".

Thank you.

 

[Jaan Raadik]

*.*.*.* - root [07/23/2015:06:05:06 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*

*.*.*.* - root [07/23/2015:06:05:10 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*

That was a login attempt from my IP address (obfuscated) which was redirected to domain.com:2087/undefined. attempting to login again redirected to domain.com:2087/undefined/undefined

This occurred following receiving a notification of a root user brute force attack, from an IP other than my own. This is however not present within this log (presumably because this log is for WHM logins not failed sshd attempts?), and whilst the log says my IP was blocked for brute force attempts also, I never received email notification of this, along with the first attempt to login resulting in a IP lockout.

*.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
*.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
*.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
*.*.*.* - root [07/23/2015:06:05:06 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*

*.*.*.* - root [07/23/2015:06:05:10 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*

 

[cPanelMichael]

Are you accessing cPanel from a specific URL (e.g. from a browser bookmark/favorite entry) or do you enter the URL directly in the browser with the IP Address and port?

Thank you.

 

[Jaan Raadik]

I login by typing the URL in the each time

 

[FernandoBF]

Hi,

I have sometimes the same issue in my server. If i make login in webmail with my smartphone ( via browser ) , it say's "login sucess" but came back to the login page of webmail ( and the URL in that time is https://example-Domain.com:2096/undefined/ ).

What do you recomend to do? Tnks

 

[Jaan Raadik]

Hi Fernando,

Only real advice I can give is to check cpHulk - failed login attempts seem to cause the issue for me as I had around 100 failed logins against my ftp port a day. It seemed to be a window following this that undefined redirect occurred, leading me to believe the account was being temporarily blocked.

Usually these failed alerts are emailed, perhaps check your spam folder.

Further than this I can't help sorry!

 

[cPanelMichael]

Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.