WHM and LFD root access alert emails

[stampao]

Hello,
Since a few days ago when I access the WHM I do not receive alerts access. If I receive a warning when I access through SSH.
And contact ConfigServer but apparently see nothing strange, someone happened and have any solution?

Thank You.

 

[MilesWeb]

Hello,
Since a few days ago when I access the WHM I do not receive alerts access. If I receive a warning when I access through SSH.
And contact ConfigServer but apparently see nothing strange, someone happened and have any solution?

Thank You.

Login to your server via SSH and open file /etc/csf/csf.conf. Check for RESTRICT_SYSLOG and see what is it set to. Set it to 0. Make sure LF_SSH_EMAIL_ALERT is set to 1. Restart csf and it should work.

 

[stampao]

What I want to do is receive alerts WHM root access.
I do not want to disable SSH alerts

 

[Infopro]

Are you using a gmail account for server alerts?

 

[stampao]

I tested with multiple accounts, I do not get emails from root to access WHM if I receive emails SSH access

 

[Infopro]

I asked about gmail as those emails could be being rate limited by gmail due to too many emails being sent to their servers from yours.

SSH Login is not the same as logging into WHM. If you have your own IP whitelisted in CSF, CSF won't send you emails any longer for your logins. You could check this, by removing your IP from the whitelist in CSF, logout, and then log back in to see if an alert is sent out, then.

 

[stampao]

The ip is not on the whitelist, and also tried to log in from a different ip and no mail is received whm access.
Do not know what else to look ... any ideas?

 

[Infopro]

Feel free to open a ticket to cPanel Technical Support for assistance. If you do, post the ticket ID back here.

Thanks

 

[stampao]

The ticket that believes it was this 5902445, it was closed because it is none of your business, if you can do something, I appreciate it.

 

[stampao]

any news about it?

 

[Infopro]

any news about it?

Going by that ticket, it seems that you are all sorted out here with this matter.

Is there still some issue you need assistance with?

 

[stampao]

Not resolved, the ticket is closed, because the technician said it was not an external application and would not support me.

 

[cPanelMichael]

Hello

I believe you are mistaking a CSF feature with a cPanel/WHM feature. Have you enabled the option to receive a notification when root successfully logs in from an IP address that is not white listed via cPhulk (WHM Home >> Security Center >> cPHulk Brute Force Protection)?

Thank you.

 

[stampao]

On another server with cPHulk disabled, accessing whm from my browser, I receive these alerts LFD

lfd on server.com: WHM/cPanel root access alert from IP

 

[cPanelMichael]

Do you see any indication the notification was sent in /var/log/exim_mainlog? EX:

exigrep lfd /var/log/exim_mainlog

Thank you.

 

[stampao]

get emails like this, but not access emails WHM page.

lfd on server.com: blocked 174.109.196.209 (US/United States/cpe-174-109-196-209.nc.res.r" for root

 

[cPanelMichael]

Hello

Were you able to check /var/log/exim_mainlog as mentioned in my previous post?

Thank you.

 

[stampao]

Yes, and no email access does not appear to page WHM

 

[cPanelMichael]

Yes, and no email access does not appear to page WHM

Could you elaborate on what you found? Did you use the "exigrep" utility to search for specific emails? Note that you may need to consult with CSF again if it's not a cPanel notification that's failing to work properly.

Thank you.