Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

security token missing logging into cpanel

Discussion in 'Security' started by andy_pajerotdi, Oct 26, 2010.

  1. andy_pajerotdi

    andy_pajerotdi Registered

    Joined:
    Oct 16, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    Hello there,

    i wonder if someone can help me, i keep getting a security token missing error when i go to the logon page in cpanel, it only started today or certainly in the last 3 days but it seems to be having an effect on password protected directorys, anyone else seen this before ?
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please try unchecking this in WHM > Tweak Settings:

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,544
    Likes Received:
    9
    Trophy Points:
    268
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    The security token option, as enabled or disabled via WebHost Manager, will only affect access to cPanel, WHM, and Webmail; it should not under any circumstances affect password-protected directories that are accessed through Apache/httpd.

    Please elaborate into further detail about what you are seeing that indicates an affect on password protected directories; any additional information that you can provide should help us to better identify the difficulty.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. erick_paper

    erick_paper Well-Known Member

    Joined:
    Apr 19, 2005
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    166
    I ended up setting Security Tokens to "ON". Now I am logged out of my WHM altogether. How can I disable it from the command line (ssh) or something so that I can see my WHM again? Thanks!
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You would need to edit /var/cpanel/cpanel.config file for this line:

    Code:
    xsrftokens=1
    Please change the 1 to a 0, then save the file. At that point, run the following command to push the changes:

    Code:
    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    471
    Likes Received:
    4
    Trophy Points:
    168
    Although this is an old thread, I have been facing this issue with my servers. I have the "Security Tokens [?]" as OFF and even then I get this "WHM Login Security" warning many a times a day.

    Every time I have to login via shell and edit this file /var/cpanel/cpanel.config as mentioned by Tristan.

    Is there a permanent solution for this ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The setting keeps reverting? If it is reverting, then some cron job is likely replacing your settings with some other settings. Have you tried changing it in WHM as well to see if it stays with that new option?

    I know of one specific hosting provider who cron pushes daily /var/cpanel/cpanel.config to all their machines (or they used to). This was causing untold issues such as DNS clustering sync issues where their nameservers were having a high number of re-sync processes due to pushing that file daily. If anyone is cron setting it to be changed daily for some reason, that will cause a slew of issues.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    471
    Likes Received:
    4
    Trophy Points:
    168
    Hello Tristan,

    Yes, WHM is set to OFF, but many a times during the day it gives me a warning message and I have to manually set it to 0 ( zero) to get it back working and we do not have a cron set for this :(

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please submit a ticket about this issue. If it keeps changing to 1 in that file, something is causing that to happen.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    471
    Likes Received:
    4
    Trophy Points:
    168
    I'' do that, Thank you :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice