"WHM/cPanel root access alert" from DNS cluster servers

B

Bdzzld

Well-Known Member
Apr 3, 2004
412
5
168
Hi,

I've recently set up a new cPanel servers and have added the server to four other servers in an already present DNS cluster. After doing this I always receive an "WHM/cPanel root access alert" e-mail from every server in this DNS cluster as soon as a log onto WHM. Is this normal behaviour?

I've setup CSF/LFD on all servers, but only receive these alerts from this new server.

Now I know I can add the IP-addresses of these servers to the csf.allow file, but I just wanted to know if this new server is setup correctly as I've never seen this kind of behaviour before.

Thanks.
 
B

Bdzzld

Well-Known Member
Apr 3, 2004
412
5
168
Hi InfoPro,

Thanks for your suggestion. cPHulk was indeed enabled. I've just diabled it as CSF/LFD will do a far better job i.m.o.

The alerts are actually send out by LFD :

Code: 
lfd on server.domainname.xxx: WHM/cPanel root access alert from xxx.xx.xxx.xxx
 
B

Bdzzld

Well-Known Member
Apr 3, 2004
412
5
168
Three of the four servers are used as DNS server (sync) and the other one is only using it (standalone).
The funny thing is all servers create the alert; also the standalone one. Besides that, only this new server generates these alerts and not also the other servers in the DNS cluster...
 
G

garrettp

Well-Known Member
PartnerNOC
Jun 18, 2004
312
1
166
cPanel Access Level
DataCenter Provider
Are all of the servers running 11.30? If not this may explain the differences as 11.28 -> 11.30 was a major update.

My suggestion would be to add each of the clustered servers to the csf.ignore file since they are each a trusted source.
 
B

Bdzzld

Well-Known Member
Apr 3, 2004
412
5
168
All servers are running the latest release version of cPanel. So, that's not it.
The ony thing I can think of is the difference in the version of BIND.
This new server is running CentOS 6 with its newest version of BIND and the other servers are much older running CentOS 4.x and 5.x.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
K My WHM/cpanel account hacked? No access to root Security 10
N Security Questions for root (WHM) only (and not cPanel users) ? Security 2
K SOLVED [CPANEL-23803] AutoSSL "No document root exists for the domain" errors since whm v76 Security 14
A WHM/cPanel root access alert from unrecognizable IP address. Security 9
M WHM/cPanel root access alert - Possible Hack Security 1
Similar threads
My WHM/cpanel account hacked? No access to root
Security Questions for root (WHM) only (and not cPanel users) ?
SOLVED [CPANEL-23803] AutoSSL "No document root exists for the domain" errors since whm v76
WHM/cPanel root access alert from unrecognizable IP address.
WHM/cPanel root access alert - Possible Hack
Top Bottom