  1. #1

    Help: Can't log in to WHM or cPanel as root

    I am trying to login to root via WHM but getting invalid login, was working fine earlier. I am logged in as root via SSH and have tried changing password but still no effect:

    The following process is getting high CPU:

    /usr/local/cpanel/base/show_template.stor cpanel_locale docroot /usr/local/cpanel/base defaul
    Anyone know what this is?

  2. #2
    Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.

    I already have brute force protection enabled on the server, so how can I make my servers more protected from these types of scripts?

  3. #3
    Quote Originally Posted by kshazad86 View Post
    I am trying to login to root via WHM but getting invalid login, was working fine earlier. I am logged in as root via SSH and have tried changing password but still no effect:

    The following process is getting high CPU:



    Anyone know what this is?
    Have you recently updated or done any modifications?

    Please first try running a forced upcp via SSH and see if that helps.

    Regards,
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  4. #4
    1. ClamAV Scanner.
    2. CSF firewall.
    3. mod_security and suPHP
    4. regularly upgrade version of third party installed scripts.
    5. Always choose strong passwords for FTP, cPanel/WHM.

  5. #5
    Quote Originally Posted by BestServerSupport View Post
    1. ClamAV Scanner.
    2. CSF firewall.
    3. mod_security and suPHP
    4. regularly upgrade version of third party installed scripts.
    5. Always choose strong passwords for FTP, cPanel/WHM.
    All of these are actually running/installed, PHP Suhosin extension is missing, so I am thinking of getting this installed as extra security.

  6. #6
    Also, harden the Security Of /tmp Directory.

    1. Creating /tmp as a different partition.
    2. Setting /tmp as non-executable attributes.
    3. Refraining the use of /tmp for web scripts.
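
Added example (not part of the original thread): a check for the /tmp hardening listed in post #6, reading mount options in /proc/mounts format. The function names are hypothetical, and requiring nosuid alongside noexec goes beyond what the post lists.

```shell
#!/bin/sh
# Added example: verify that /tmp is its own mount and is mounted noexec.
# Input format (same as /proc/mounts): device mountpoint fstype options dump pass

# Print the options of the LAST entry for a mount point (a later mount
# shadows an earlier one). Prints nothing if the path is not a mount point.
mount_opts() {
    # $1 = mount point, $2 = mounts file (defaults to /proc/mounts)
    awk -v mp="$1" '$2 == mp { opts = $4 } END { if (opts != "") print opts }' \
        "${2:-/proc/mounts}"
}

# Print a verdict for one mount point:
#   not-separate     the directory lives on its parent filesystem
#   ok               noexec and nosuid are both set
#   missing:<opts>   comma-separated list of options that are not set
audit_tmp() {
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        echo "not-separate"
        return 0
    fi
    missing=""
    # noexec is the setting named in the post; nosuid is an added assumption.
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;                                # option present
            *) missing="${missing:+$missing,}$want" ;;     # option absent
        esac
    done
    if [ -z "$missing" ]; then
        echo "ok"
    else
        echo "missing:$missing"
    fi
}

# Report on the live system when /proc/mounts is available.
if [ -r /proc/mounts ]; then
    echo "/tmp: $(audit_tmp /tmp)"
fi
```
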

  7. #7
    Quote Originally Posted by kshazad86 View Post
    Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.

    I already have brute force protection enabled on the server, so how can I make my servers more protected from these types of scripts?
    these might be of help...... help make server more secure... posted over on cpanel forums

    http://solidshellsecurity.com/tools/...-installer.php
    http://solidshellsecurity.com/tools/...-installer.php

  8. #8
    You can try upcp using the command below:
    /scripts/upcp

  9. #9
    Quote Originally Posted by kshazad86 View Post
    Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.

    I already have brute force protection enabled on the server, so how can I make my servers more protected from these types of scripts?
    If you're not sure what to do, I would recommend hiring a server/security admin. If you just start making changes to things willy-nilly, you could be breaking other things, creating more problems.

  10. #10
    Have you contacted cPanel support? They were always helpful with my problems.

  11. #11
    Quote Originally Posted by kshazad86 View Post
    Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.
    Have you first checked how the brute force attack script was uploaded to server? You need to first search in FTP logs [/var/log/messages] to find this out.
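
Added example (not from the thread): one way to run the log search suggested in post #11, listing script files that arrived over FTP. It assumes pure-ftpd syslog lines in /var/log/messages; the function name, the assumed line layout and the extension list are illustrative, and the sample lines in any test run are constructed.

```shell
#!/bin/sh
# Added example: list script uploads recorded by the FTP daemon.
# ASSUMPTION: pure-ftpd syslog lines of the form
#   <date> <host> pure-ftpd: (user@ip) [NOTICE] /path/file uploaded (N bytes, ...)

ftp_script_uploads() {
    # $1 = log file (defaults to /var/log/messages)
    # Output: one "user ip path" line per uploaded script file.
    awk '
        /pure-ftpd/ {
            s = index($0, "[NOTICE] ")
            e = index($0, " uploaded ")
            if (s == 0 || e <= s) next               # not an upload record

            # Path is everything between the markers, so spaces survive.
            path = substr($0, s + 9, e - (s + 9))
            if (tolower(path) !~ /\.(php|pl|cgi|py|sh)$/) next

            # "(user@ip)"; the FTP login may itself contain "@"
            # (for example name@domain), so split on the LAST "@".
            if (!match($0, /\([^ ()]+@[^ ()]+\)/)) next
            who  = substr($0, RSTART + 1, RLENGTH - 2)
            n    = split(who, part, "@")
            ip   = part[n]
            user = substr(who, 1, length(who) - length(ip) - 1)

            print user, ip, path
        }' "${1:-/var/log/messages}"
}

# Run against the live log when it is readable (normally requires root).
if [ -r /var/log/messages ]; then
    ftp_script_uploads
fi
```

Each hit gives the FTP account and source address to follow up on: reset that account's password and look for the same address in the cPanel access logs.
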

  12. #12
    Unless you have a clear idea about the method used to get the files onto the server, you can't defend it completely. Check the server and cPanel logs.
    Fred Bruner
    Business Analyst
    SupportSages.com- Bytes of Wisdom @ Work - Where guarantees and promises are made to keep!
    24/7 Support with 15 mins response time & no charge guarantees
