The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PublicAPI / API 2 / Access Denied error

Discussion in 'cPanel Developers' started by Kheang, Apr 25, 2014.

  1. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I have a weird issue which I am not sure how to fix.
    I am using the PublicAPI PHP library and have followed the instruction on coding a script to use that library to create email accounts, etc.

    The script works no problem, the only issue is I keep getting Access Denied errors from time to time.
    Even if I didn't change anything in my script at all.

    If it works usually, normally it should always work no?

    The thing is I am building an Email Management application for all my customers and I am using the PublicAPI to achieve this. Should I be concerned about security in regards of how I am implementing this?

    Thanks!
     
  2. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok so I fixed this issue by going in the Tweak settings under security and putting this to "On":
    Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM.

    It's odd that it was working before though, then suddenly stopped working at all until I put that.
    Am I doing this correctly if I use "root" and the accesshash method will this be unsecure in anyway if my script communicates locally via 127.0.0.1 ?

    I just want to make sure this will not be a security issue and if multiple users use the script at the same time will it cause a problem?
     
  3. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok scratch what i said about it working again, it still doesn't work. I have no idea what is causing this Access Denied error. I thought my previous fix worked but it stopped working after a while again. But then came back. Any help would be appreciated!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Do you notice any error messages in /usr/local/cpanel/logs/login_log or /usr/local/cpanel/logs/error_log when the access denied message occurs?

    Thank you.
     
  5. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Wow this helps a lot!
    In the login log i see this:

    127.0.0.1 - root [04/25/2014:19:08:08 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1
    127.0.0.1 - root [04/25/2014:19:08:10 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1
    127.0.0.1 - root [04/25/2014:19:08:37 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

    So I am assuming that because of the repeated queries I am doing it thinks it is brute force and locks it even if it comes from 127.0.0.1.

    So I am assuming i need to whitelist this IP and it should work all the time from now on?
    Do I add it in the cPHulk Brute Force Protection?

    Thank you a lot for your help!
     
  6. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    The PublicAPI classes aren't typically meant to be run on the cPanel/WHM server. You could whitelist 127.0.0.1 (the local server) but that could allow others with shell access to hammer the API. You should reach out to integration At cPanel dot NET to see if they can walk you through exactly what you are trying to accomplish.
     
  7. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you I will look into that!
     
  8. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hmm I still have the Access Denied error even after I have added 127.0.0.1 in the whitelist under Security Center »
    cPHulk Brute Force Protection... where else do I need to put it to fix this?

    127.0.0.1 - root [04/28/2014:17:07:35 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

    Any help is appreciated, thanks!
     
  9. mgastkemper

    mgastkemper Member

    Joined:
    Oct 5, 2012
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Utrecht, Netherlands
    cPanel Access Level:
    Root Administrator
    Try clearing the failed logins.
     
  10. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok I did so and tried some tests again and the same problem occured after a while.

    127.0.0.1 - root [04/28/2014:19:52:17 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

    I am wondering is there any other places i should whitelist 127.0.0.1 other than cPHulk Brute Force Protection?
     
  11. mgastkemper

    mgastkemper Member

    Joined:
    Oct 5, 2012
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Utrecht, Netherlands
    cPanel Access Level:
    Root Administrator
    I don't now another place. cPHulk stores it's data in a MySQL database accessible by PHPMyAdmin. Searching for 127.0.0.1 in the tables can give you a solution.
     
  12. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I just did a search and could not find anything that shows me why it would be blocked in the cphulkd database.
    The whitelist is listed as 127.0.0.1 with 0 in isprefix.
     
  13. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Anyone else have any other idea what could be causing this problem, even after I have whitelisted the IP and flushed the DB?
     
  14. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok so just an update, I have contacted my hosting company for some help and they have tried the following:

    I have gone ahead and whitelisted the IP at Cphulkd and firewall level (127.0.0.1).

    I have tested it and still get the same error. I am out of ideas. It seems like it is ignoring the whitelist.
     
  15. cPDavidN

    cPDavidN cPanel Developer
    Staff Member

    Joined:
    Mar 19, 2013
    Messages:
    42
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    (For internal reference, this is connected to case 100089.)
     
  16. Kheang

    Kheang Member

    Joined:
    Apr 25, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok so I had another thought maybe it might help someone help me figure out this issue.
    The problem is not a failed login or excessive failed login block.
    It is basically blocking me because i am logging in too many times (with the right authentication).
    So how do I tell cpanel to not block my IP 127.0.0.1 even if I have the correct login information?
    I also noticed in the logins table whenever I run my script, an entry is added the info is followed:
    USER: root
    IP: (empty)
    SERVICE: system
    STATUS: 0
    LOGINTIME: (time)

    Hope it gives someone any ideas.
     
Loading...

Share This Page