Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Site Issues After Update

Discussion in 'General Discussion' started by 517634, Apr 26, 2017.

  1. 517634

    517634 Member

    Joined:
    Feb 27, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hey all,

    So I'm pretty sure cPanel updated last night at least from what I can gather reading the error log it did. At first all of my sites were "down" I have Cloudflare, and it was saying that my site was offline. I was able to get a non Cloudflare domain to give me a 502 error. I rebooted and everything front end seems fine. Trying to login to cPanel or WHM throws a 503 error.

    Here's the dump of what I got from the error log.

    Code:
    [2017-04-26 00:36:03 -0500] info [updatenow] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
    [2017-04-26 00:36:03 -0500] info [updatenow] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 00:37:19 -0500] info [autorepair] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 00:37:26 -0500] info [cpservice] Installing the cpipv6 service.
    [2017-04-26 00:37:30 -0500] info [apache_conf_distiller] Missing owner for domain hou.houstonhistoricretail.com, force lookup to root
    [2017-04-26 00:37:31 -0500] warn [apache_conf_distiller] Unable to determine domain 162.245.219.149 ownership. Attempting lookup on domain 245.219.149 (manually added domain). at /$
            ApacheConfDistiller::run("--update", "--verbose") called at /usr/local/cpanel/bin/apache_conf_distiller line 2003
    [2017-04-26 00:37:31 -0500] warn [apache_conf_distiller] Unable to determine domain 162.245.219.149 ownership. Setting user to 'nobody'. at /usr/local/cpanel/bin/apache_conf_distil$
            ApacheConfDistiller::run("--update", "--verbose") called at /usr/local/cpanel/bin/apache_conf_distiller line 2003
    [2017-04-26 00:37:31 -0500] warn [apache_conf_distiller] Unable to determine domain hou.houstonhistoricretail.com ownership. Attempting lookup on domain houstonhistoricretail.com ($
            ApacheConfDistiller::run("--update", "--verbose") called at /usr/local/cpanel/bin/apache_conf_distiller line 2003
    [2017-04-26 00:37:35 -0500] info [cpservice] Installing the fastmail service.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the cpanellogd.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the cpdavd.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the cpanelquotaonboot.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the smtpmailgidonly.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the tailwatchd.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the cpanel_php_fpm.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the queueprocd.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the dnsadmin.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the cpgreylistd.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the cphulkd.service subservice.
    [2017-04-26 00:37:39 -0500] info [cpservice] Installing the cpanel service.
    [2017-04-26 00:37:40 -0500] info [cpservice] Installing the ipaliases service.
    [2017-04-26 00:37:42 -0500] info [install_locallib_loginprofile] local::lib is installed for system perl
    [2017-04-26 00:37:49 -0500] info [cpanelsync] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 00:37:49 -0500] info [cpanelsync] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 00:37:50 -0500] warn [whostmgr2] Failed to locate postgresql CLI application
    ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@$
    [2017-04-26 04:43:16 -0500] info [cpaddons] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 04:43:33 -0500] info [cpanelsync] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 04:43:33 -0500] info [cpanelsync] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 04:43:33 -0500] info [cpanelsync] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 04:43:33 -0500] info [cpanelsync] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 04:43:40 -0500] info [cpaddons] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 06:15:02 -0500] info [autorepair] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 12:18:06 -0500] info [autorepair] Successfully verified signature for cpanel (key types: release).
    [2017-04-26 18:17:38 -0500] info [autorepair] Successfully verified signature for cpanel (key types: release).
    
    If anyone has any advice, please let me know! Thank you!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know what output you see in /usr/local/cpanel/logs/login_log when you attempt to login via cPanel or WHM?

    Thank you.
     
  3. 517634

    517634 Member

    Joined:
    Feb 27, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Okay, I checked it out. The most recent error logs are from the 24th of the month?

    It says it's a brute force attempt. Every log other than the first one is just repeated a bunch.

    Code:
    [2017-04-24 00:49:39 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:40 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:41 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:42 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:42 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:43 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:43 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:44 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:45 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:45 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:46 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:46 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:47 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:48 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:48 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:49 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:50 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:50 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:51 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:51 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:52 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:52 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:53 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:54 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:54 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:55 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:55 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:56 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:57 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:58 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:59 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:49:59 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:50:00 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:50:01 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 00:50:01 -0500] info [cpaneld] 141.101.105.159 - railchan "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user railchan) has locked ou$
    [2017-04-24 04:37:16 -0500] info [cpaneld] 40.68.45.235 - houstonh "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user houstonh (loadcpdata failed)
    Lemme know where to go from here. I've never dealt with a brute force attempt before :/
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The log files should not be a few days old if your failed login attempts are recent. Are you sure the URL you are using to access cPanel/WHM is correct? For instance, have you tried logging in using the server's IP address to rule out any DNS issues with the domain name? Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

    Thank you.
     
  5. 517634

    517634 Member

    Joined:
    Feb 27, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Yeah, I'm positive. I've tried across different domains, tried the subdomains I set eg: cpanel.domain.com along with domain.com:2082 and IP:2082. I've also tried the WHM equivalent for all these, with no luck. Guess it's time to open up a ticket. :/
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here once it's open.

    Thank you.
     
  7. 517634

    517634 Member

    Joined:
    Feb 27, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm unable to get the Support Access ID. Obviously I can't login to find it, and when I try the command, I don't get any output. Without this I can't submit the ticket, correct?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You can send an email to our Customer Service team (cs @ cpanel.net) and ask them to forward your request over to our Technical Support department.

    Thank you.
     
  9. 517634

    517634 Member

    Joined:
    Feb 27, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Sent, Thank you! (Just to confirm this will open a ticket, right?)
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Yes, that's correct.

    Thanks!
     
Loading...

Share This Page