Which user is causing the (cpanel) Failed cPanel login

I

Infopro

Well-Known Member
May 20, 2003
17,085
521
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Not in CSF but in the /usr/local/cpanel/logs/login_log you should see the failed login. Try logging in as any user with the wrong password or edit the username a letter or two, and then check that log for your IP address. You should see something like this:
"GET / HTTP/1.1" FAILED LOGIN cpaneld: user name not provided or invalid user
Click to expand...
Is that the real user? How would you know unless you knew all your valid users IP addresses from wherever they might login from.
 
L

lockefaltaba

Member
Oct 24, 2012
11
0
1
cPanel Access Level
Root Administrator
So you propose there's no other solution than doing a correlation between CPanel logs and lfd logs ?
I always thought there would be an lfd configuration to catch the http request or so to be able to see the user who failed the login.

- - - Updated - - -

So you propose there's no other solution than doing a correlation between CPanel logs and lfd logs ?
I always thought there would be an lfd configuration to catch the http request or so to be able to see the user who failed the login.
 
I

Infopro

Well-Known Member
May 20, 2003
17,085
521
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
There is, and LFD will block if configured to, and email you, if configured. If you want to go look at those after the fact which it sounds like in this post:
lockefaltaba said:
Hi.

Does anybody know if I may have some configuration in CSF/LFD to be able to see the user who made so many failed logins that the IP was blocked ?
Click to expand...
Then you'll need to look at the log.
 
L

lockefaltaba

Member
Oct 24, 2012
11
0
1
cPanel Access Level
Root Administrator
Infopro said:
There is, and LFD will block if configured to, and email you, if configured. If you want to go look at those after the fact which it sounds like in this post:
Then you'll need to look at the log.
Click to expand...
As for the email, no need, we would be 24/7 receiving alerts as LFD as indeed the blocking itself it's working. However I still haven't been able to find the LFD option to add the failed user to the logs. ....not quite sure if we are understanding each other :)
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
carock share 2FA with multiple users Security 3
J lfd on server.com: Suspicious process running under user username Security 6
H Restrict user from accessing other cPanel account files Security 7
Tarak Nath Ping command allow to cPanel user Security 16
O User strays out of virtual domain causing Kaos! Security 2
Similar threads
share 2FA with multiple users
lfd on server.com: Suspicious process running under user username
Restrict user from accessing other cPanel account files
Ping command allow to cPanel user
User strays out of virtual domain causing Kaos!
Top Bottom