Login to whm redirects to undefined

Jaan Raadik

Member
Jul 23, 2015
6
0
1
Australia
cPanel Access Level
Root Administrator
Hi,

I'm experiencing an issue where sometimes logging in will redirect me to /undefined/undefined

For example, login page domain.com:2087 will redirect to domain.com:2087/undefined/undefined, which will display a login page again, even though the login was reported as successful.

I don't believe it could be my ip trying too many times, as it happens when I haven't logged in for days at a time, however I have had a few emails sent reporting brutr force attempts against my username. Is there anything you guys can suggest might be the issue here? It happens for some customers logging into webmail also.

Hope someone can help!
Thanks in advance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello :)

Have you been able to reproduce this issue across multiple browsers on multiple workstations? Do you notice any error messages in /usr/local/cpanel/logs/login_log when this occurs?

Thank you.
 

Jaan Raadik

Member
Jul 23, 2015
6
0
1
Australia
cPanel Access Level
Root Administrator
Hi guys, thanks for the replies. Whilst I can't confirm it I believe this was happening when my account had been locked out, since I changed the SSH port that the brute force attempts were against using my account, the problems disappeared. It did occur across all devices I tried to access with, from a variety of IPs, but I would assume my account was simply being locked out. Thanks for your help!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello :)

Do you see any errors in /usr/local/cpanel/logs/login_log at the time this occurred? cPHulk should not redirect you to an undefined web page. It should simply state "Login Failed".

Thank you.
 

Jaan Raadik

Member
Jul 23, 2015
6
0
1
Australia
cPanel Access Level
Root Administrator
Code:
*.*.*.* - root [07/23/2015:06:05:06 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*

*.*.*.* - root [07/23/2015:06:05:10 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
That was a login attempt from my IP address (obfuscated) which was redirected to domain.com:2087/undefined. attempting to login again redirected to domain.com:2087/undefined/undefined

This occurred following receiving a notification of a root user brute force attack, from an IP other than my own. This is however not present within this log (presumably because this log is for WHM logins not failed sshd attempts?), and whilst the log says my IP was blocked for brute force attempts also, I never received email notification of this, along with the first attempt to login resulting in a IP lockout.

Code:
*.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
*.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
*.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
*.*.*.* - root [07/23/2015:06:05:06 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*

*.*.*.* - root [07/23/2015:06:05:10 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Are you accessing cPanel from a specific URL (e.g. from a browser bookmark/favorite entry) or do you enter the URL directly in the browser with the IP Address and port?

Thank you.
 

Jaan Raadik

Member
Jul 23, 2015
6
0
1
Australia
cPanel Access Level
Root Administrator
Hi Fernando,

Only real advice I can give is to check cpHulk - failed login attempts seem to cause the issue for me as I had around 100 failed logins against my ftp port a day. It seemed to be a window following this that undefined redirect occurred, leading me to believe the account was being temporarily blocked.

Usually these failed alerts are emailed, perhaps check your spam folder.

Further than this I can't help sorry!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.