Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PCI Scan from McAfee did something to my WHM login

Discussion in 'Security' started by medfordite, Jan 18, 2013.

  1. medfordite

    medfordite Member

    Dec 13, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I am still tracking this down, but I am now unable to login to WHM with the root account/password it says login invalid.

    AFAIK - nothing would have been written to the server and I am using in case anyone is wondering a 24 character password with Mixed Upper case, lower case, Special characters and Symbols so I know it is quite secure.

    I can still login via root into SSH however, so know that hasn't changed and can login with my reseller account just fine to WHM.

    Is there a way from mysql in the shell to verify my password for WHM?

    EDIT - looks like CPHULK blocked my IP which is odd since I use a Password Manager to form fill the fields so excessive logins would not have been the case. Also, Brute login report is mysteriously empty as is the blacklist.
    #1 medfordite, Jan 18, 2013
    Last edited: Jan 18, 2013
  2. cPanelJared

    cPanelJared Technical Analyst

    Feb 25, 2010
    Likes Received:
    Trophy Points:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    It looks like you already resolved the problem, but I wanted to address this:

    No. cPanel does not store the root password, or any account passwords, in MySQL. root and cPanel account users are system users with entries in /etc/passwd and /etc/shadow - the user root is literally the same user, whether you log in via the shell or the WHM. The actual passwords are stored in /etc/shadow (no passwords are stored in /etc/passwd, despite the name), and they are encoded as salted MD5 hashes that are not human readable. There is no practical way to extract the passwords from /etc/shadow.

    cPHulk should be recording information about IP addresses it detects as brutes and blocks. If this continues, please submit a ticket so that we may log into the server and fix it for you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice