PCI Scan from McAfee did something to my WHM login


Dec 13, 2011
cPanel Access Level
Root Administrator
I am still tracking this down, but I am now unable to login to WHM with the root account/password it says login invalid.

AFAIK - nothing would have been written to the server and I am using in case anyone is wondering a 24 character password with Mixed Upper case, lower case, Special characters and Symbols so I know it is quite secure.

I can still login via root into SSH however, so know that hasn't changed and can login with my reseller account just fine to WHM.

Is there a way from mysql in the shell to verify my password for WHM?

EDIT - looks like CPHULK blocked my IP which is odd since I use a Password Manager to form fill the fields so excessive logins would not have been the case. Also, Brute login report is mysteriously empty as is the blacklist.
Last edited:


Well-Known Member
Feb 25, 2010
Houston, TX
cPanel Access Level
Root Administrator
It looks like you already resolved the problem, but I wanted to address this:

Is there a way from mysql in the shell to verify my password for WHM?
No. cPanel does not store the root password, or any account passwords, in MySQL. root and cPanel account users are system users with entries in /etc/passwd and /etc/shadow - the user root is literally the same user, whether you log in via the shell or the WHM. The actual passwords are stored in /etc/shadow (no passwords are stored in /etc/passwd, despite the name), and they are encoded as salted MD5 hashes that are not human readable. There is no practical way to extract the passwords from /etc/shadow.

cPHulk should be recording information about IP addresses it detects as brutes and blocks. If this continues, please submit a ticket so that we may log into the server and fix it for you.