PublicAPI / API 2 / Access Denied error

[Kheang]

Hi,

I have a weird issue which I am not sure how to fix.
I am using the PublicAPI PHP library and have followed the instruction on coding a script to use that library to create email accounts, etc.

The script works no problem, the only issue is I keep getting Access Denied errors from time to time.
Even if I didn't change anything in my script at all.

If it works usually, normally it should always work no?

The thing is I am building an Email Management application for all my customers and I am using the PublicAPI to achieve this. Should I be concerned about security in regards of how I am implementing this?

Thanks!

 

[Kheang]

Ok so I fixed this issue by going in the Tweak settings under security and putting this to "On":
Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM.

It's odd that it was working before though, then suddenly stopped working at all until I put that.
Am I doing this correctly if I use "root" and the accesshash method will this be unsecure in anyway if my script communicates locally via 127.0.0.1 ?

I just want to make sure this will not be a security issue and if multiple users use the script at the same time will it cause a problem?

 

[Kheang]

Ok scratch what i said about it working again, it still doesn't work. I have no idea what is causing this Access Denied error. I thought my previous fix worked but it stopped working after a while again. But then came back. Any help would be appreciated!

 

[cPanelMichael]

Do you notice any error messages in /usr/local/cpanel/logs/login_log or /usr/local/cpanel/logs/error_log when the access denied message occurs?

Thank you.

 

[Kheang]

Do you notice any error messages in /usr/local/cpanel/logs/login_log or /usr/local/cpanel/logs/error_log when the access denied message occurs?

Thank you.

Wow this helps a lot!
In the login log i see this:

127.0.0.1 - root [04/25/2014:19:08:08 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1
127.0.0.1 - root [04/25/2014:19:08:10 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1
127.0.0.1 - root [04/25/2014:19:08:37 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

So I am assuming that because of the repeated queries I am doing it thinks it is brute force and locks it even if it comes from 127.0.0.1.

So I am assuming i need to whitelist this IP and it should work all the time from now on?
Do I add it in the cPHulk Brute Force Protection?

Thank you a lot for your help!

 

[KostonConsulting]

The PublicAPI classes aren't typically meant to be run on the cPanel/WHM server. You could whitelist 127.0.0.1 (the local server) but that could allow others with shell access to hammer the API. You should reach out to integration At cPanel dot NET to see if they can walk you through exactly what you are trying to accomplish.

 

[Kheang]

The PublicAPI classes aren't typically meant to be run on the cPanel/WHM server. You could whitelist 127.0.0.1 (the local server) but that could allow others with shell access to hammer the API. You should reach out to integration At cPanel dot NET to see if they can walk you through exactly what you are trying to accomplish.

Thank you I will look into that!

 

[Kheang]

Hmm I still have the Access Denied error even after I have added 127.0.0.1 in the whitelist under Security Center »
cPHulk Brute Force Protection... where else do I need to put it to fix this?

127.0.0.1 - root [04/28/2014:17:07:35 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

Any help is appreciated, thanks!

 

[mgastkemper]

Hmm I still have the Access Denied error even after I have added 127.0.0.1 in the whitelist under Security Center »
cPHulk Brute Force Protection... where else do I need to put it to fix this?

127.0.0.1 - root [04/28/2014:17:07:35 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

Any help is appreciated, thanks!

Try clearing the failed logins.

 

[Kheang]

Try clearing the failed logins.

Ok I did so and tried some tests again and the same problem occured after a while.

127.0.0.1 - root [04/28/2014:19:52:17 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

I am wondering is there any other places i should whitelist 127.0.0.1 other than cPHulk Brute Force Protection?

 

[mgastkemper]

Ok I did so and tried some tests again and the same problem occured after a while.

127.0.0.1 - root [04/28/2014:19:52:17 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1

I am wondering is there any other places i should whitelist 127.0.0.1 other than cPHulk Brute Force Protection?

I don't now another place. cPHulk stores it's data in a MySQL database accessible by PHPMyAdmin. Searching for 127.0.0.1 in the tables can give you a solution.

 

[Kheang]

I don't now another place. cPHulk stores it's data in a MySQL database accessible by PHPMyAdmin. Searching for 127.0.0.1 in the tables can give you a solution.

I just did a search and could not find anything that shows me why it would be blocked in the cphulkd database.
The whitelist is listed as 127.0.0.1 with 0 in isprefix.

 

[Kheang]

Anyone else have any other idea what could be causing this problem, even after I have whitelisted the IP and flushed the DB?

 

[Kheang]

Ok so just an update, I have contacted my hosting company for some help and they have tried the following:

I have gone ahead and whitelisted the IP at Cphulkd and firewall level (127.0.0.1).

I have tested it and still get the same error. I am out of ideas. It seems like it is ignoring the whitelist.

 

[DavidN.]

(For internal reference, this is connected to case 100089.)

 

[Kheang]

Ok so I had another thought maybe it might help someone help me figure out this issue.
The problem is not a failed login or excessive failed login block.
It is basically blocking me because i am logging in too many times (with the right authentication).
So how do I tell cpanel to not block my IP 127.0.0.1 even if I have the correct login information?
I also noticed in the logins table whenever I run my script, an entry is added the info is followed:
USER: root
IP: (empty)
SERVICE: system
STATUS: 0
LOGINTIME: (time)

Hope it gives someone any ideas.