The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Root Password Stops Working Weekly

Discussion in 'General Discussion' started by Brian Johnson, Apr 19, 2015.

  1. Brian Johnson

    Brian Johnson Member

    Joined:
    Mar 2, 2015
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lakeville, Minnesota, United S
    cPanel Access Level:
    Website Owner
    I am the only admin on my server, and the password for the root/admin accounts to log in to WHM stops working after about a week of setting it.

    I can't find any security settings that would cause this, and regardless, I'm not sure how I would know what the new password is if it's doing it automatically. I've been having to log in via my hosting provider's dashboard which doesn't require additional authentication, where I then just change the password back to what I know it to be, and then it works again.

    Any idea where I should be looking? I have moderate security settings, about the minimum to be PCI compliant. So I guess if anyone knows of anything that would change the password without me knowing that's related to PCI-compliant security standards, perhaps you can point me in the right direction!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I suggest checking the brute force history via:

    "WHM >> Security Center >> cPHulk Brute Force Protection"

    It's possible the "root" user was locked out by cPhulk, thus you were unable to login. You can also search for your IP address in:

    /usr/local/cpanel/logs/cphulkd.log

    Thank you.
     
  3. Brian Johnson

    Brian Johnson Member

    Joined:
    Mar 2, 2015
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lakeville, Minnesota, United S
    cPanel Access Level:
    Website Owner
    But it seems to happen weekly, even when I'm using the correct credentials and haven't done anything else. The regularity is what makes me think it's not that.

    Also, when I reset the password I can immediately log in again. Does resetting the password automatically clear you from this list?

    And I did check cPHulk, didn't see anything in there about me, or anyone at the moment. My IP is on the whitelist, however.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    You can review the /root/.bash_history file to see if you notice any bash commands to change the root password. Do you have any third-party applications with the root password stored, or any other users with root access? Have you tried using the "Host Access Control" option to limit SSH access to your own IP to see if the password still fails to work?

    Thank you.
     
Loading...

Share This Page