security token missing logging into cpanel

andy_pajerotdi

Registered
Oct 16, 2010
2
0
51
Hello there,

i wonder if someone can help me, i keep getting a security token missing error when i go to the logon page in cpanel, it only started today or certainly in the last 3 days but it seems to be having an effect on password protected directorys, anyone else seen this before ?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Please try unchecking this in WHM > Tweak Settings:

Require security tokens for all interfaces. This will greatly improve the security of cPanel and WHM against XSRF attacks, but may break integration with other systems, login applications, billing software and third party themes.
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Hello there,

i wonder if someone can help me, i keep getting a security token missing error when i go to the logon page in cpanel, it only started today or certainly in the last 3 days but it seems to be having an effect on password protected directorys, anyone else seen this before ?
The security token option, as enabled or disabled via WebHost Manager, will only affect access to cPanel, WHM, and Webmail; it should not under any circumstances affect password-protected directories that are accessed through Apache/httpd.

Please elaborate into further detail about what you are seeing that indicates an affect on password protected directories; any additional information that you can provide should help us to better identify the difficulty.
 

erick_paper

Well-Known Member
Apr 19, 2005
245
0
166
I ended up setting Security Tokens to "ON". Now I am logged out of my WHM altogether. How can I disable it from the command line (ssh) or something so that I can see my WHM again? Thanks!
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
You would need to edit /var/cpanel/cpanel.config file for this line:

Code:
xsrftokens=1
Please change the 1 to a 0, then save the file. At that point, run the following command to push the changes:

Code:
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
 

furquan

Well-Known Member
Jul 27, 2002
473
4
168
Although this is an old thread, I have been facing this issue with my servers. I have the "Security Tokens [?]" as OFF and even then I get this "WHM Login Security" warning many a times a day.

Every time I have to login via shell and edit this file /var/cpanel/cpanel.config as mentioned by Tristan.

Is there a permanent solution for this ?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
The setting keeps reverting? If it is reverting, then some cron job is likely replacing your settings with some other settings. Have you tried changing it in WHM as well to see if it stays with that new option?

I know of one specific hosting provider who cron pushes daily /var/cpanel/cpanel.config to all their machines (or they used to). This was causing untold issues such as DNS clustering sync issues where their nameservers were having a high number of re-sync processes due to pushing that file daily. If anyone is cron setting it to be changed daily for some reason, that will cause a slew of issues.
 

furquan

Well-Known Member
Jul 27, 2002
473
4
168
Hello Tristan,

Yes, WHM is set to OFF, but many a times during the day it gives me a warning message and I have to manually set it to 0 ( zero) to get it back working and we do not have a cron set for this :(

Thank you
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Please submit a ticket about this issue. If it keeps changing to 1 in that file, something is causing that to happen.
 

furquan

Well-Known Member
Jul 27, 2002
473
4
168
I'' do that, Thank you :)