"WHM/cPanel root access alert" from DNS cluster servers

Hi,

I've recently set up a new cPanel servers and have added the server to four other servers in an already present DNS cluster. After doing this I always receive an "WHM/cPanel root access alert" e-mail from every server in this DNS cluster as soon as a log onto WHM. Is this normal behaviour?

I've setup CSF/LFD on all servers, but only receive these alerts from this new server.

Now I know I can add the IP-addresses of these servers to the csf.allow file, but I just wanted to know if this new server is setup correctly as I've never seen this kind of behaviour before.

Thanks.

 

Hi InfoPro,

Thanks for your suggestion. cPHulk was indeed enabled. I've just diabled it as CSF/LFD will do a far better job i.m.o.

The alerts are actually send out by LFD :

Code:

lfd on server.domainname.xxx: WHM/cPanel root access alert from xxx.xx.xxx.xxx

 

Three of the four servers are used as DNS server (sync) and the other one is only using it (standalone).
The funny thing is all servers create the alert; also the standalone one. Besides that, only this new server generates these alerts and not also the other servers in the DNS cluster...

 

All servers are running the latest release version of cPanel. So, that's not it.
The ony thing I can think of is the difference in the version of BIND.
This new server is running CentOS 6 with its newest version of BIND and the other servers are much older running CentOS 4.x and 5.x.