The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM Invalid Login

Discussion in 'Security' started by spear1976, Jun 30, 2014.

  1. spear1976

    spear1976 Member

    Joined:
    Jun 23, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hi,

    I think my site got hacked. I'm not sure how, but this is what has happened:

    When i login through the WHN site with regular user/password, i get "invalid login".
    I have logged into my root account on SSH (which works), and tried running
    " /usr/local/cpanel/scripts/realchpass root MYPASS", but then get the following message:

    Code:
    File hosts.deny not changed so no update needed
    root@hotell [/etc]#  /usr/local/cpanel/scripts/realchpass root ************
    warn [realchpass] Insecure passing of password on ARGV.
    ERROR: /usr/local/cpanel/scripts/realchpass
    Invocation changes only the system
    password and does not have any effect
    on other services associated with your
    cPanel account, including FTP, SSH,
    WebDAV, and FrontPage.  It is strongly
    encouraged for you to change the
    password via the WHM & cPanel
    interface. You can force a password
    change through this script by setting
    the environment variable
    'ALLOW_PASSWORD_CHANGE=1'.
    I hade 32 attemts to login this night, all from China, but they are still trying for some reason. My syste was pretty thight after definition of the security advisor, so i'm not sure what has happened.

    How can i restore access? Am i doing something wrong from Commandline? Or is there another way in apart from reinstall of system?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Are you sure that authentication has not been blocked by cPhulk brute force detection? Are you able to access Web Host Manager as "root" to see if it's enabled?

    Thank you.
     
  3. spear1976

    spear1976 Member

    Joined:
    Jun 23, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hi again,

    This is what my cPanel WHM error logs says:

    Code:
    Duplicate logaccess:  at cpsrvd-ssl line 3561
            cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3142
            cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd-ssl line 6377
            cpanel::cpsrvd::docheckpass_whostmgrd(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, ...) called at cpsrvd-ssl line 5571
            cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1287
            cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1149
            cpanel::cpsrvd::script() called at cpsrvd-ssl line 435
    
     
  4. spear1976

    spear1976 Member

    Joined:
    Jun 23, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hi,

    (emabarrasing)
    After running cpup, and changing root password i got in.
    However the root change did not work before the manual cpup.
    Hopefully someone can tell me more about the error log from cpup posted earlier.

    (Poor moderator, sorry for my many posts)
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The output you provided can happen when you attempt to access cPanel with invalid login credentials. Internal case number 97525 is open to address that issue, but it's not the cause of the failed login itself.

    Thank you.
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    If you need to change the root password from command line you should probably use the passwd utility, not the cpanel "realchpass" function.

    Also, you (or a mod) should munge the password in your first post ;)
     
  7. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    569
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I've modified your first post and removed your root password, I strongly recommend you change it again...
     
Loading...

Share This Page