Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

POST /login/?login_only=1 HTTP/1.1 entries in access log

Discussion in 'Security' started by Amgeek, Sep 6, 2016.

  1. Amgeek

    Amgeek Member

    Joined:
    Nov 7, 2013
    Messages:
    21
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Website Owner
    After being warned of "Failed attempts" of loggin by the firewall I figure out how to see what attempts were successful in access.log. I see a several entries that I am not sure about. They are similar to the following:

    ip address "get /http/1.1"
    ip address "Post/login/?login_only=1 HTTP/1.1"

    Are these usual entries?
    What do they mean?

    Thanks
    Ed
     
    #1 Amgeek, Sep 6, 2016
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,168
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    More of the message should say:
    FAILED LOGIN cpaneld: invalid cpanel user
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Sep 6, 2016
  3. Amgeek

    Amgeek Member

    Joined:
    Nov 7, 2013
    Messages:
    21
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Website Owner

    Thanks.

    Don't see that in the access.log. I looked there because I saw that
    The file "login_log" does not include successful authentications. So, since it is in the access.log file I assumed it had been successfull and so was wondering what the codes meant.
     
    #3 Amgeek, Sep 6, 2016
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,168
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Do you have CSF installed? I get emails about these failed logins all the time.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Sep 6, 2016
  5. Amgeek

    Amgeek Member

    Joined:
    Nov 7, 2013
    Messages:
    21
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Website Owner
    Yes I do. That is what peaked my interest. Have gotten emails saying so and so failed attempt to log into one account or another (usually not a real account name but close enough to make you think they knew something). I understand failed attempts are to be expected and it is good news - the firewall is really working. My concern was what if they succeed, how would I know, that led me to the access.log which, as I understand it, logs successful attempts. I find several entries in the access.log from suspicious IPs with the codes in my first post. I don't know what those codes mean they succeeded in doing.
     
    #5 Amgeek, Sep 7, 2016
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,168
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    When you create an account, if you don't specify a unique username the system defaults to using some part of the domain name itself. I suppose that's one reason why the attempted login might be close at times.

    Enabling cPanel login alerts in the users cPanel in Contact Preferences, configuring cPHulk and CSF for logins, can all be useful. Enabling two-Factor Authentication is a really good way to lock user accounts down as well. Using Two-Factor for all logins you possibly can, including on these very forums, is suggested.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Infopro, Sep 7, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - POST login login_only=1
  1. kuttysam

    Failed to start postgresql service

    kuttysam, Jun 7, 2018, in forum: Database Discussion
    Replies:
    1
    Views:
    78
    cPanelLauren
    Jun 7, 2018
  2. val98

    SOLVED POST doesn't work but GET does

    val98, May 23, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    83
    cPanelMichael
    Jun 1, 2018
  3. shojib

    /scripts/postupcp is in loop

    shojib, May 22, 2018, in forum: General Discussion
    Replies:
    9
    Views:
    99
    cPanelMichael
    May 24, 2018
  4. rinkleton

    WHM Contact Notifications Post URL

    rinkleton, May 17, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    50
    cPanelMichael
    May 18, 2018
  5. kungccm

    Http "Get" works but "Post" get 403 error

    kungccm, May 16, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    51
    cPanelLauren
    May 16, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice