Help Cant login to WHM or cPanel as root

  #1  
Old 10-16-2012, 11:23 AM
kshazad86 kshazad86 is offline
Web Hosting Master
 
Join Date: Jan 2011
Posts: 607
I am trying to login to root via WHM but getting invalid login, was working fine earlier. I am logged in as root via SSH and have tried changing password but still no effect:

The following process is getting high CPU:

Quote:
/usr/local/cpanel/base/show_template.stor cpanel_locale docroot /usr/local/cpanel/base defaul
Anyone know what this is?

  #2  
Old 10-16-2012, 11:41 AM
kshazad86 kshazad86 is offline
Web Hosting Master
 
Join Date: Jan 2011
Posts: 607
Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.

I already have brute force protection enabled on the server, so how can I make my servers more protected from these types of scripts?

  #3  
Old 10-16-2012, 11:42 AM
cd/home cd/home is offline
Web Hosting Master
 
Join Date: Nov 2009
Location: /etc/my.cnf
Posts: 9,238
Quote:
Originally Posted by kshazad86 View Post
I am trying to login to root via WHM but getting invalid login, was working fine earlier. I am logged in as root via SSH and have tried changing password but still no effect:

The following process is getting high CPU:



Anyone know what this is?
Have you recently updated or done any modifications?

Please first try running a forced upcp via SSH and see if that helps.

Regards,

__________________
LeapHost Solid High Performance Litespeed + Varnish + RAMDisk + MariaDB Hosting.
Managed Colocation | Uptime Monitoring | Backups | Proactive Server Management.
Server Setups | Stable Migrations | Security/Hardening | cPanel DNS Cluster Setups.
24/7 Ticket + Phone + Live Chat Support | Fancy An Offer > | Visit Our Special Offers


  #4  
Old 10-16-2012, 11:54 AM
BestServerSupport BestServerSupport is offline
Web Hosting Master
 
Join Date: Aug 2012
Posts: 3,100
1. ClamAV Scanner.
2. CSF firewall.
3. mod_security and suPHP
4. regularly upgrade version of third party installed scripts.
5. Always choose strong passwords for FTP, cPanel/WHM.

__________________
BestServerSupport | Outsourced Hosting Support and Server Management Service Provider
WHM/CPanel | HyperV Virtualization | Plesk | WebsitePanel | Windows VPS | OnAPP Cloud | Virtuozzo
Helpdesk Support | Cloud Administration | Dedicated Support | VPS Support


  #5  
Old 10-16-2012, 11:56 AM
kshazad86 kshazad86 is offline
Web Hosting Master
 
Join Date: Jan 2011
Posts: 607
Quote:
Originally Posted by BestServerSupport View Post
1. ClamAV Scanner.
2. CSF firewall.
3. mod_security and suPHP
4. regularly upgrade version of third party installed scripts.
5. Always choose strong passwords for FTP, cPanel/WHM.
All of these are actually running/installed, PHP Suhosin extension is missing, so I am thinking of getting this installed as extra security.

  #6  
Old 10-16-2012, 12:06 PM
BestServerSupport BestServerSupport is offline
Web Hosting Master
 
Join Date: Aug 2012
Posts: 3,100
Also, harden the security of the /tmp directory.

1. Creating /tmp as a different partition.
2. Setting /tmp with non-executable attributes.
3. Refraining from the use of /tmp for web scripts.

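A way to check the first two /tmp points in the post above, as an added example that is not from any poster in the thread. It goes slightly beyond the post by also checking nosuid and nodev and by accepting other temp directories; the function names and the sample mount table are constructed.

```sh
#!/bin/sh
# Added example: audit temp-directory mounts from data in /proc/mounts
# format (device mountpoint fstype options dump pass).

# Constructed sample mount table (not taken from the thread's server).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# audit_tmp_mounts FILE [DIR...]   (DIR defaults to /tmp)
# Prints "<dir> OK" or "<dir> FAIL <reason>" per directory.
# Returns 0 only if every directory is its own mount with all three options.
# On a live server: audit_tmp_mounts /proc/mounts /tmp /var/tmp /dev/shm
audit_tmp_mounts() {
    mounts_file=$1; shift
    [ $# -gt 0 ] || set -- /tmp
    rc=0
    for dir in "$@"; do
        # Last matching entry wins, since later mounts shadow earlier ones.
        opts=$(awk -v d="$dir" '$2 == d { o = $4 } END { print o }' "$mounts_file")
        if [ -z "$opts" ]; then
            echo "$dir FAIL not-a-separate-mount"
            rc=1
            continue
        fi
        missing=""
        for want in noexec nosuid nodev; do
            case ",$opts," in
                *",$want,"*) ;;
                *) missing="$missing${missing:+,}$want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "$dir FAIL missing:$missing"
            rc=1
        else
            echo "$dir OK"
        fi
    done
    return $rc
}
```
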
  #7  
Old 10-16-2012, 04:21 PM
MikeSpenclers MikeSpenclers is offline
WHT Addict
 
Join Date: Jul 2012
Posts: 122
Quote:
Originally Posted by kshazad86 View Post
Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.

I already have brute force protection enabled on the server, so how can I make my servers more protected from these types of scripts?
these might be of help...... help make server more secure... posted over on cpanel forums

http://solidshellsecurity.com/tools/...-installer.php
http://solidshellsecurity.com/tools/...-installer.php

  #8  
Old 10-16-2012, 05:48 PM
dareORdie dareORdie is offline
Disabled
 
Join Date: Nov 2011
Location: Nasik, MH,INDIA
Posts: 850
You can try upcp using the command below:
Quote:
/scripts/upcp

  #9  
Old 10-16-2012, 05:51 PM
Kingfish85 Kingfish85 is offline
Web Hosting Master
 
Join Date: Jan 2008
Location: Raleigh, NC
Posts: 845
Quote:
Originally Posted by kshazad86 View Post
Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.

I already have brute force protection enabled on the server, so how can I make my servers more protected from these types of scripts?
If you're not sure what to do, I would recommend hiring a server/security admin. If you just start making changes to things willy-nilly, you could be breaking other things creating more problems.

  #10  
Old 10-16-2012, 07:27 PM
Seb_A Seb_A is offline
Newbie
 
Join Date: Sep 2012
Location: Frankfurt
Posts: 22
Have you contacted cPanel support? They were always helpful with my problems.

  #11  
Old 10-17-2012, 09:20 AM
BestServerSupport BestServerSupport is offline
Web Hosting Master
 
Join Date: Aug 2012
Posts: 3,100
Quote:
Originally Posted by kshazad86 View Post
Ok, I did some further analysis, seems like some idiot uploaded a cPanel brute force script and was trying to crack the server's root password.
Have you first checked how the brute force attack script was uploaded to the server? You need to first search in FTP logs [/var/log/messages] to find this out.

  #12  
Old 10-18-2012, 12:40 AM
ssfred ssfred is offline
Web Hosting Guru
 
Join Date: Aug 2011
Location: India
Posts: 283
Unless you have a clear idea about the method used to get the files into the server, you can't defend it completely. Check the server and cPanel logs.

__________________
Fred Bruner
Business Analyst
SupportSages.com- Bytes of Wisdom @ Work - Where guarantees and promises are made to keep!
24/7 Support with 15 mins response time & no charge guarantees


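A way to run the FTP log check suggested in the last two posts, as an added example that is not from any poster in the thread. It assumes pure-ftpd style syslog lines of the form "(user@ip) [NOTICE] <path> uploaded"; the function names, the extension list and the sample log are constructed.

```sh
#!/bin/sh
# Added example: list script-type files uploaded over FTP, with account and
# source IP, from syslog lines in the assumed pure-ftpd format.

# Constructed sample log (documentation IP ranges, made-up accounts).
sample_ftp_log() {
    cat <<'EOF'
Oct 16 09:12:44 host1 pure-ftpd: (alice@198.51.100.20) [NOTICE] /home/alice/public_html/img/logo.png uploaded  (20480 bytes, 310.11KB/sec)
Oct 16 10:58:03 host1 pure-ftpd: (bob@203.0.113.7) [NOTICE] /home/bob/public_html/cache/cp.php uploaded  (48213 bytes, 112.40KB/sec)
Oct 16 10:58:09 host1 pure-ftpd: (dev@example.com@203.0.113.7) [NOTICE] /home/bob/public_html/dev/run.PL uploaded  (9120 bytes, 98.02KB/sec)
Oct 16 10:59:30 host1 pure-ftpd: (bob@203.0.113.7) [INFO] Logout.
Oct 16 11:02:10 host1 sshd[2211]: Accepted password for root from 198.51.100.20 port 50122 ssh2
EOF
}

# ftp_script_uploads [FILE...]   (reads stdin when no file is given)
# Output, tab separated: timestamp, FTP account, source IP, uploaded path.
# On a live server: ftp_script_uploads /var/log/messages
ftp_script_uploads() {
    awk '
    /pure-ftpd/ && / uploaded / {
        # "(account@ip)" follows the daemon tag
        if (!match($0, /\([^@()]+@[^()]+\)/)) next
        who = substr($0, RSTART + 1, RLENGTH - 2)
        # Virtual FTP accounts contain "@" themselves, so the IP is
        # whatever follows the last "@".
        n = split(who, part, "@")
        ip = part[n]
        user = substr(who, 1, length(who) - length(ip) - 1)
        # The path sits between "[NOTICE] " (9 characters) and " uploaded"
        s = index($0, "[NOTICE] "); e = index($0, " uploaded")
        if (!s || e <= s) next
        path = substr($0, s + 9, e - (s + 9))
        if (tolower(path) ~ /\.(php[0-9]?|phtml|pl|cgi|py|sh)$/)
            printf "%s %s %s\t%s\t%s\t%s\n", $1, $2, $3, user, ip, path
    }' "$@"
}
```

On the sample, both script uploads trace back to the same source IP under two different FTP accounts, which is the kind of link to look for before deciding which credentials to rotate.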