The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM and LFD root access alert emails

Discussion in 'General Discussion' started by stampao, Jan 4, 2015.

  1. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hello,
    Since a few days ago when I access the WHM I do not receive alerts access. If I receive a warning when I access through SSH.
    And contact ConfigServer but apparently see nothing strange, someone happened and have any solution?

    Thank You.
     
  2. MilesWeb

    MilesWeb Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2012
    Messages:
    174
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Login to your server via SSH and open file /etc/csf/csf.conf. Check for RESTRICT_SYSLOG and see what is it set to. Set it to 0. Make sure LF_SSH_EMAIL_ALERT is set to 1. Restart csf and it should work.
     
  3. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    What I want to do is receive alerts WHM root access.
    I do not want to disable SSH alerts
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Are you using a gmail account for server alerts?
     
  5. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I tested with multiple accounts, I do not get emails from root to access WHM if I receive emails SSH access
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I asked about gmail as those emails could be being rate limited by gmail due to too many emails being sent to their servers from yours.

    SSH Login is not the same as logging into WHM. If you have your own IP whitelisted in CSF, CSF won't send you emails any longer for your logins. You could check this, by removing your IP from the whitelist in CSF, logout, and then log back in to see if an alert is sent out, then.
     
  7. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    The ip is not on the whitelist, and also tried to log in from a different ip and no mail is received whm access.
    Do not know what else to look ... any ideas?
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Feel free to open a ticket to cPanel Technical Support for assistance. If you do, post the ticket ID back here.

    Thanks
     
  9. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    The ticket that believes it was this 5902445, it was closed because it is none of your business, if you can do something, I appreciate it.
     
  10. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    any news about it?
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Going by that ticket, it seems that you are all sorted out here with this matter.

    Is there still some issue you need assistance with?
     
  12. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Not resolved, the ticket is closed, because the technician said it was not an external application and would not support me.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I believe you are mistaking a CSF feature with a cPanel/WHM feature. Have you enabled the option to receive a notification when root successfully logs in from an IP address that is not white listed via cPhulk (WHM Home >> Security Center >> cPHulk Brute Force Protection)?

    Thank you.
     
  14. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    On another server with cPHulk disabled, accessing whm from my browser, I receive these alerts LFD

    lfd on server.com: WHM/cPanel root access alert from IP
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  16. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    get emails like this, but not access emails WHM page.

    lfd on server.com: blocked 174.109.196.209 (US/United States/cpe-174-109-196-209.nc.res.r" for root
     
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  18. stampao

    stampao Member

    Joined:
    Jul 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Yes, and no email access does not appear to page WHM
     
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you elaborate on what you found? Did you use the "exigrep" utility to search for specific emails? Note that you may need to consult with CSF again if it's not a cPanel notification that's failing to work properly.

    Thank you.
     
Loading...

Share This Page