"WHM/cPanel root access alert" from DNS cluster servers

Bdzzld

Well-Known Member
Apr 3, 2004
412
5
168
Hi,

I've recently set up a new cPanel server and have added the server to four other servers in an already present DNS cluster. After doing this I always receive a "WHM/cPanel root access alert" e-mail from every server in this DNS cluster as soon as I log onto WHM. Is this normal behaviour?

I've set up CSF/LFD on all servers, but only receive these alerts from this new server.

Now I know I can add the IP addresses of these servers to the csf.allow file, but I just wanted to know if this new server is set up correctly as I've never seen this kind of behaviour before.

Thanks.
 

Bdzzld

Hi InfoPro,

Thanks for your suggestion. cPHulk was indeed enabled. I've just disabled it as CSF/LFD will do a far better job i.m.o.

The alerts are actually sent out by LFD:

Code:
lfd on server.domainname.xxx: WHM/cPanel root access alert from xxx.xx.xxx.xxx
 

Bdzzld

Three of the four servers are used as DNS servers (sync) and the other one is only using it (standalone).
The funny thing is all servers create the alert; also the standalone one. Besides that, only this new server generates these alerts and not also the other servers in the DNS cluster...
 

garrettp

Well-Known Member
PartnerNOC
Jun 18, 2004
312
1
166
cPanel Access Level
DataCenter Provider
Are all of the servers running 11.30? If not this may explain the differences as 11.28 -> 11.30 was a major update.

My suggestion would be to add each of the clustered servers to the csf.ignore file since they are each a trusted source.
 

Bdzzld

All servers are running the latest release version of cPanel. So, that's not it.
The only thing I can think of is the difference in the version of BIND.
This new server is running CentOS 6 with its newest version of BIND and the other servers are much older running CentOS 4.x and 5.x.
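
A triage helper for the LFD alert subject quoted earlier in the thread, as an added example that is not part of the original posts or of CSF/LFD itself: it separates root access alerts whose source is a known DNS cluster peer from alerts with any other source. The peer list, host names and sample subjects are constructed (documentation address ranges), and the subject format is assumed to match the one line shown in the thread.

```python
import ipaddress
import re
from collections import Counter

# Subject format as quoted in the thread:
#   lfd on <host>: WHM/cPanel root access alert from <ip>
ALERT_RE = re.compile(
    r"^lfd on (?P<host>\S+): WHM/cPanel root access alert from (?P<ip>\S+)\s*$"
)

# Constructed sample data: cluster peer addresses and alert subjects.
CLUSTER_PEERS = ["192.0.2.10", "192.0.2.11", "198.51.100.0/29"]
SAMPLE_SUBJECTS = [
    "lfd on ns1.example.com: WHM/cPanel root access alert from 192.0.2.10",
    "lfd on ns2.example.com: WHM/cPanel root access alert from 192.0.2.10",
    "lfd on ns1.example.com: WHM/cPanel root access alert from 203.0.113.77",
    "lfd on ns3.example.com: WHM/cPanel root access alert from xxx.xx.xxx.xxx",
    "Weekly backup report",
]

def parse_alert(subject):
    """Return (reporting_host, source_ip) or None if not a usable alert."""
    m = ALERT_RE.match(subject.strip())
    if not m:
        return None
    try:
        return m.group("host"), ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # masked or malformed source address

def triage(subjects, cluster_peers):
    """Split alerts into expected (source is a peer) and unexpected."""
    peers = [ipaddress.ip_network(p, strict=False) for p in cluster_peers]
    expected, unexpected, skipped = Counter(), [], 0
    for subject in subjects:
        parsed = parse_alert(subject)
        if parsed is None:
            skipped += 1
            continue
        host, ip = parsed
        if any(ip in net for net in peers):
            expected[(host, str(ip))] += 1
        else:
            unexpected.append((host, str(ip)))  # review these by hand
    return expected, unexpected, skipped

if __name__ == "__main__":
    exp, unexp, skipped = triage(SAMPLE_SUBJECTS, CLUSTER_PEERS)
    print("expected:", dict(exp), "unexpected:", unexp, "skipped:", skipped)
```

Running this over a mailbox export before whitelisting anything shows whether every alert really originates from a cluster member, or whether some root logins come from addresses that should still raise an alert.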