Results 1 to 12 of 12
  1. #1
    Join Date
    Jan 2011
    Posts
    671

    Question Help Cant login to WHM or cPanel as root

    I am trying to login to root via WHM but getting invalid login, was working fine earlier. I am logged in as root via SSH and have tried changing password but still no effect:

    The following process is getting high CPU:

    /usr/local/cpanel/base/show_template.stor cpanel_locale docroot /usr/local/cpanel/base defaul
    Anyone know what this is?

  2. #2
    Join Date
    Jan 2011
    Posts
    671
    Ok, I did some further analysis, seems like some idiot uploaded cPanel brute force script and was trying to crack the servers root password.

    I already have brute force protection enabled on the server, so how can I make my servers more protected from these type of scripts?

  3. #3
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,976
    Quote Originally Posted by kshazad86 View Post
    I am trying to login to root via WHM but getting invalid login, was working fine earlier. I am logged in as root via SSH and have tried changing password but still no effect:

    The following process is getting high CPU:



    Anyone know what this is?
    Have you recently updated or done any modifications?

    Please firstly try running a forced upcp Via SSH and see if that helps

    Regards,

  4. #4
    Join Date
    Aug 2012
    Posts
    3,100
    1. ClaimAV Scanner.
    2. CSF firewall.
    3. mod_security and suPHP
    4. regularly upgrade version of third party installed scripts.
    5. Always choose strong passwords for FTP, cPanel/WHM.
    BestServerSupport | Outsourced Hosting Support and Server Management Service Provider
    WHM/CPanel | HyperV Virtualization | Plesk | WebsitePanel | Windows VPS | OnAPP Cloud | Virtuzoo
    Helpdesk Support | Cloud Administration | Dedicated Support | VPS Support

  5. #5
    Join Date
    Jan 2011
    Posts
    671
    Quote Originally Posted by BestServerSupport View Post
    1. ClaimAV Scanner.
    2. CSF firewall.
    3. mod_security and suPHP
    4. regularly upgrade version of third party installed scripts.
    5. Always choose strong passwords for FTP, cPanel/WHM.
    All of these are actually running/installed, PHP Suhosin extension is missing, so I am thinking of getting this installed as extra security.

  6. #6
    Join Date
    Aug 2012
    Posts
    3,100
    Also, harden the Security Of /tmp Directory.

    1. Creating /tmp as a different partition.
    2. Setting /tmp as non-executable attributes.
    3. Refraining the use of /tmp for web scripts.
    BestServerSupport | Outsourced Hosting Support and Server Management Service Provider
    WHM/CPanel | HyperV Virtualization | Plesk | WebsitePanel | Windows VPS | OnAPP Cloud | Virtuzoo
    Helpdesk Support | Cloud Administration | Dedicated Support | VPS Support

  7. #7
    Quote Originally Posted by kshazad86 View Post
    Ok, I did some further analysis, seems like some idiot uploaded cPanel brute force script and was trying to crack the servers root password.

    I already have brute force protection enabled on the server, so how can I make my servers more protected from these type of scripts?
    these might be of help...... help make server more secure... posted over on cpanel forums

    http://solidshellsecurity.com/tools/...-installer.php
    http://solidshellsecurity.com/tools/...-installer.php

  8. #8
    Join Date
    Nov 2011
    Location
    Nasik, MH,INDIA
    Posts
    850
    You can try upcp using below command :
    /scripts/upcp

  9. #9
    Join Date
    Jan 2008
    Location
    Raleigh, NC
    Posts
    1,071
    Quote Originally Posted by kshazad86 View Post
    Ok, I did some further analysis, seems like some idiot uploaded cPanel brute force script and was trying to crack the servers root password.

    I already have brute force protection enabled on the server, so how can I make my servers more protected from these type of scripts?
    Id you're not sure what to do, I would recommend hiring a server/security admin. If you just start making changes to things willy-nilly, you could be breaking other things creating more problems.

  10. #10
    Join Date
    Sep 2012
    Location
    Frankfurt
    Posts
    22
    Have you contacted cPanel support? They where always helpful with my problems.

  11. #11
    Join Date
    Aug 2012
    Posts
    3,100
    Quote Originally Posted by kshazad86 View Post
    Ok, I did some further analysis, seems like some idiot uploaded cPanel brute force script and was trying to crack the servers root password.
    Have you first checked how the brute force attack script was uploaded to server? You need to first search in FTP logs [/var/log/messages] to find this out.
    BestServerSupport | Outsourced Hosting Support and Server Management Service Provider
    WHM/CPanel | HyperV Virtualization | Plesk | WebsitePanel | Windows VPS | OnAPP Cloud | Virtuzoo
    Helpdesk Support | Cloud Administration | Dedicated Support | VPS Support

  12. #12
    Join Date
    Aug 2011
    Location
    India
    Posts
    283
    Unless you have clear idea about the method used to get the files into the server, you can't defend it compltely. Check the server and cpanel logs.
    Fred Bruner
    Business Analyst
    SupportSages.com- Bytes of Wisdom @ Work - Where guarantees and promises are made to keep!
    24/7 Support with 15 mins response time & no charge guarantees

  13. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. Get whm root login using port 2087 or 2086
    By HRR1963 in forum Hosting Security and Technology
    Replies: 7
    Last Post: 05-25-2012, 04:25 PM
  2. Cpanel send me Mail someone Login as root it was not me!
    By Slatko in forum Hosting Security and Technology
    Replies: 6
    Last Post: 02-16-2011, 05:21 PM
  3. How do I disable root login for WHM?
    By chasebug in forum Hosting Security and Technology
    Replies: 16
    Last Post: 10-22-2009, 04:18 AM
  4. CPanel Root Login
    By HostingFields in forum Hosting Security and Technology
    Replies: 14
    Last Post: 06-12-2009, 12:38 AM
  5. Deny root login + WHM?
    By mikeknoxv in forum Hosting Security and Technology
    Replies: 2
    Last Post: 02-16-2003, 12:32 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •