Mac WEBdisk CPdavD connection to CPanel

Operating System & Version
Big Sur

EV2agency

Registered
Dec 4, 2020
3
0
1
Tampa
cPanel Access Level
Website Owner
I consistently have an issue where my host (A2) is blocking my IP address at the server level. I have to visit my Cpanel login and do a CAPTCHA to whitelist the IP again. This will happen numerous times until the IP is Blacklisted and I can't access CPanel at all. I call and they Whitelist me again but it continues to happen.

I was told by A2 that my computer (with all of my email profile being rebuilt) is sending numerous requests to CPdavD and this is web disk related. I do not have any web disk running that I am aware of as this is a 3 month old, brand new Mac Book Pro.

Could this be related to iCal or something with my calendar tied to my email?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,027
313
cPanel Access Level
Root Administrator
Hey there! The "dav" processes could either be webdisk or caldav, so it could certainly be the system making calls to the calendar if you have that setup. I'm guessing this is a shared server and they don't want to whitelist your IP, correct?

The only way to know for sure would be to have the host check the /opt/cpanel-ccs/data/Logs/error.log file on the system to see what specific errors are happening, as you wouldn't be able to see that with your limited access to the machine.

I looked around and didn't see any way to limit the number of connection requests the Mac makes to through the Calendar system. If you keep the Calendar app closed for a bit, does the issue no longer happen?
 
  • Like
Reactions: EV2agency

EV2agency

Registered
Dec 4, 2020
3
0
1
Tampa
cPanel Access Level
Website Owner
I have full access to my CPanel Backend. Why would Ical be trying to access CPanel? The ywhitelist my IP all the time. They just did it yesterday and I was blocked AGAIN today. I'm unsure what is exactly trying to access CPanel unsuccessfully!

Here are my latest logs:
[Fri Dec 04 11:01:35.075937 2020] [core:error] [pid 682329:tid 47893461489408] (13)Permission denied: [client 17.58.96.68:18613] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 09:19:30.855369 2020] [core:error] [pid 603118:tid 47893499311872] (13)Permission denied: [client 66.249.66.210:53023] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 08:44:22.588560 2020] [core:error] [pid 547915:tid 47893469894400] (13)Permission denied: [client 114.119.155.81:52422] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 08:43:39.353702 2020] [core:error] [pid 603118:tid 47893461489408] (13)Permission denied: [client 157.55.39.1:3668] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 08:43:39.219914 2020] [core:error] [pid 603118:tid 47893453084416] (13)Permission denied: [client 157.55.39.1:3650] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 08:25:42.228065 2020] [core:error] [pid 603118:tid 47893490906880] (13)Permission denied: [client 35.185.19.233:43985] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 08:24:48.256732 2020] [core:error] [pid 603118:tid 47893469894400] (13)Permission denied: [client 35.185.19.233:52965] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 07:54:18.298017 2020] [core:error] [pid 547993:tid 47893471995648] (13)Permission denied: [client 66.249.66.220:40350] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 06:39:18.073094 2020] [core:error] [pid 475446:tid 47893501413120] (13)Permission denied: [client 66.249.66.70:39585] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
[Fri Dec 04 06:08:16.014722 2020] [core:error] [pid 475446:tid 47893478299392] (13)Permission denied: [client 66.249.66.222:63491] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,027
313
cPanel Access Level
Root Administrator
While you'd have full access to cPanel, you wouldn't have access to any of the logs that would show the errors they are reporting. I'd be a bit skeptical that a Calendar connection is what is causing you to be blocked, but it seems odd they couldn't provide you with more information on their end, showing specifically what the blockage was.

For example, and of course I don't know what firewall system they are using so this is just a general example, CSF gives these details when an IP address is added to the block list:

Code:
1.2.3.4 # lfd: (ftpd) Failed FTP login from 1.2.3.4 (CN/China/-): 10 in the last 3600 secs - Thu Nov 26 07:15:13 2020
but it would be nice if they could provide more specifics on what they are seeing, as by default, cPanel itself doesn't have any blocking functions on Calendar connections.
 

EV2agency

Registered
Dec 4, 2020
3
0
1
Tampa
cPanel Access Level
Website Owner
All they told me was it was related to a Web Disk attempting to access CPanel itself and gave me the CPdavD code. The only 2 devices on my network using the email/domain in question are my MacBook Pro and my iPhone 12. I'm completely lost here and now I'm blacklisted again and can't even get to the CPanel to clear it.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,027
313
cPanel Access Level
Root Administrator
It's important to note that there is nothing in cPanel by default that would block based on this type of traffic, so I'm really just guessing at possibilities. When you mention the Captcha code, that actually makes me think of Imunify360 being installed on the server, which is also not a cPanel tool. Here's the documentation they provide about their firewall tool:

Gray list is automated. If a user violates Imunify360 security rules, tries to enter the wrong password for example, then Imunify360 automatically blocks the access to this user IP-address, adding the IP-address to the Gray List. It will redirect the user to enter the Captcha. After entering the Captcha correctly, Imunify360 will remove that user from the Gray List. In the case of repeated violation, the IP-address will be automatically added to the Gray List again.
Since this is blocking you on the server side I don't think there is going to be a good way to fix that. They may need to check and confirm if this is Imunify causing the issue, but it's not something that is part of the default cPanel configuration.
 

stephanmg

Registered
Jan 4, 2021
2
0
1
nothere
cPanel Access Level
Website Owner
I am having EXACT same problem with A2Hosting, for me, it is going on for 3 months. They and also I have no clue why this is happening. All they tell me (every day) is it's due to false cPanel logins.

This is what they see in the logfiles (different things).

* I have replaced {IP-ADDRESS} and [email protected].

{IP-ADDRESS} - [email protected] [01/03/2021:09:31:45 -0000] "PROPFIND" FAILED LOGIN cpdavd: No encrypted password found for [email protected].

1 06:35:57 mi3-ss48 dovecot: imap-login: Aborted login (auth failed, 2 attempts in 1 secs): user=<>, method=LOGIN, rip={IP-ADDRESS}, lip={SERVER-IP}, TLS, session=</1/JJNW3aMpTUoLc>

{IP-ADDRESS} - [email protected] [12/31/2020:10:54:40 -0000] "PROPFIND" FAILED LOGIN cpdavd: Authentication failed for user: [email protected].

For your information. I have reinstalled my macOS without backup. I didn't have any accounts/connections to my websites on other devices. I also checked other devices on my networks for e-mail accounts/webdisk/caldav connections, none.

If anyone can shine a light on this. Thank you so much!
 
Last edited:

stephanmg

Registered
Jan 4, 2021
2
0
1
nothere
cPanel Access Level
Website Owner
Well, I am just a customer of A2Hosting, no root access for me, only cPanel access for my domain. the mail account doesn't exist any more. I created it, but since the problems I have deleted it also. I can't test if I am able to access mail access.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,027
313
cPanel Access Level
Root Administrator
You could always create a new account to test :D

The host would have the best access to logs though, as they could check the mail logs to see if there are any additional details about that user that could be contributing to the issue.