Skip to main content

cPanel User Blocked From API Calls

Comments

13 comments

  • rpvw
    I suspect that the IP was blocked by the cPHulk service. The block will very likely only be for a few minutes if you are using the default configuration. You can unblock it in WHM by going to Security Center > cPHulk Brute Force Protection > History Reports and checking the Reports (select a report) to find which block your user/IP is in, and clicking on the corresponding Remove Block link You may also want to add YOUR IP to the whitelist management tab to prevent you getting blocked yourself, especially whilst testing :) See cPHulk Brute Force Protection - Version 74 Documentation - cPanel Documentation for full details.
    0
  • CanadaGuy
    I suspect that the IP was blocked by the cPHulk service. The block will very likely only be for a few minutes if you are using the default configuration. You can unblock it in WHM by going to Security Center > cPHulk Brute Force Protection > History Reports and checking the Reports (select a report) to find which block your user/IP is in, and clicking on the corresponding Remove Block link You may also want to add YOUR IP to the whitelist management tab to prevent you getting blocked yourself, especially whilst testing :) See
    0
  • rpvw
    cPHulk also blocks by user (or IP, and can also set a one-day block on IPs if they repeat offend) - so make sure you check all the blocked lists when you are trying to unblock.
    0
  • CanadaGuy
    cPHulk also blocks by user (or IP, and can also set a one-day block on IPs if they repeat offend) - so make sure you check all the blocked lists when you are trying to unblock.

    The user account does show up in the block history, and can see it when I try an API request with that user account. Clear the history, and try again and it shows up immediately. Disabling cPHulk doesn't seem to have an effect, it stays blocked. I can't see the account listed anywhere. I'll try digging through the cPHulk documentation to see what else I can find... Any other ideas?
    0
  • CanadaGuy
    Disabling cPHulk does not allow the user in either, so wouldn't that indicate that cPHulk is not doing the blocking? After some more poking, I finally understood the "reports" to view. All lists are empty: Blocked Users, Blocked IP Addresses, and One Day Blocks except for Failed Logins...I can clear that, but the username is still blocked it appears.
    0
  • rpvw
    If you had clicked the blue "Remove Blocks and Clear Reports" button, and then disabled cPHulk, I would have expected the user to be able to log in again. I don't know of any other native systems in cPanel that would block a user. I can only assume there is something about the API login you are using for that user, that has an issue. Can the user log in normally ? Have you installed any other security software like CSF/LFD ?
    0
  • CanadaGuy
    Can the user log in normally ? Have you installed any other security software like CSF/LFD ?

    Yes, the user can login to the regular cPanel interface no problem. And yes, my bad, I should have mentioned I have CSF/LFD installed and working. I see the request show up in CSF - Watch System Logs - /var/log/lfd.log: Sep 30 13:54:18 servername lfd[1403]: Failed cPanel login from server.ip.was.here - ignored The reason the server IP is there, is because the script is being called from the server itself. But again as I said, another user in the same configuration can login fine so it doesn't seem like an IP block...I'll keep digging.
    0
  • rpvw
    Have you had a look at this page:
    0
  • CanadaGuy
    Have you had a look at this page:
    0
  • CanadaGuy
    Okay, well that's f'd up, but may relate to another thread I saw. I changed the password for the account, and the login was successful now. I'll dig into this a little more and see what I can find.
    0
  • CanadaGuy
    Okay, well that's f'd up, but may relate to another thread I saw. I changed the password for the account, and the login was successful now. I'll dig into this a little more and see what I can find.

    Okay, I found the issue and it was a hasty PHP mistake on my part dealing with how PHP double quoted strings are parsed when they have a $ in it. This explains everything, but thank you for taking the time to help...I learned a few things along the way.
    0
  • rpvw
    Happy to have tried to help, and delighted you found the solution :-D
    0
  • cPanelLauren
    Hi @CanadaGuy I'm really glad you found the solution to the issue you were experiencing and @rpvw thanks for helping out!!
    0

Please sign in to leave a comment.