Skip to main content

Mac WEBdisk CPdavD connection to CPanel

EV2agency
I consistently have an issue where my host (A2) is blocking my IP address at the server level. I have to visit my Cpanel login and do a CAPTCHA to whitelist the IP again. This will happen numerous times until the IP is Blacklisted and I can't access CPanel at all. I call and they Whitelist me again but it continues to happen. I was told by A2 that my computer (with all of my email profile being rebuilt) is sending numerous requests to CPdavD and this is web disk related. I do not have any web disk running that I am aware of as this is a 3 month old, brand new Mac Book Pro. Could this be related to iCal or something with my calendar tied to my email?

Comments

11 comments

Date Votes
  • cPRex Jurassic Moderator
    Hey there! The "dav" processes could either be webdisk or caldav, so it could certainly be the system making calls to the calendar if you have that setup. I'm guessing this is a shared server and they don't want to whitelist your IP, correct? The only way to know for sure would be to have the host check the /opt/cpanel-ccs/data/Logs/error.log file on the system to see what specific errors are happening, as you wouldn't be able to see that with your limited access to the machine. I looked around and didn't see any way to limit the number of connection requests the Mac makes to through the Calendar system. If you keep the Calendar app closed for a bit, does the issue no longer happen?
    0
  • EV2agency
    I have full access to my CPanel Backend. Why would Ical be trying to access CPanel? The ywhitelist my IP all the time. They just did it yesterday and I was blocked AGAIN today. I'm unsure what is exactly trying to access CPanel unsuccessfully! Here are my latest logs: [Fri Dec 04 11:01:35.075937 2020] [core:error] [pid 682329:tid 47893461489408] (13)Permission denied: [client 17.58.96.68:18613] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 09:19:30.855369 2020] [core:error] [pid 603118:tid 47893499311872] (13)Permission denied: [client 66.249.66.210:53023] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 08:44:22.588560 2020] [core:error] [pid 547915:tid 47893469894400] (13)Permission denied: [client 114.119.155.81:52422] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 08:43:39.353702 2020] [core:error] [pid 603118:tid 47893461489408] (13)Permission denied: [client 157.55.39.1:3668] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 08:43:39.219914 2020] [core:error] [pid 603118:tid 47893453084416] (13)Permission denied: [client 157.55.39.1:3650] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 08:25:42.228065 2020] [core:error] [pid 603118:tid 47893490906880] (13)Permission denied: [client 35.185.19.233:43985] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 08:24:48.256732 2020] [core:error] [pid 603118:tid 47893469894400] (13)Permission denied: [client 35.185.19.233:52965] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 07:54:18.298017 2020] [core:error] [pid 547993:tid 47893471995648] (13)Permission denied: [client 66.249.66.220:40350] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 06:39:18.073094 2020] [core:error] [pid 475446:tid 47893501413120] (13)Permission denied: [client 66.249.66.70:39585] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt [Fri Dec 04 06:08:16.014722 2020] [core:error] [pid 475446:tid 47893478299392] (13)Permission denied: [client 66.249.66.222:63491] AH00132: file permissions deny server access: /home/ev274/public_html/robots.txt
    0
  • cPRex Jurassic Moderator
    While you'd have full access to cPanel, you wouldn't have access to any of the logs that would show the errors they are reporting. I'd be a bit skeptical that a Calendar connection is what is causing you to be blocked, but it seems odd they couldn't provide you with more information on their end, showing specifically what the blockage was. For example, and of course I don't know what firewall system they are using so this is just a general example, CSF gives these details when an IP address is added to the block list: 1.2.3.4 # lfd: (ftpd) Failed FTP login from 1.2.3.4 (CN/China/-): 10 in the last 3600 secs - Thu Nov 26 07:15:13 2020
    but it would be nice if they could provide more specifics on what they are seeing, as by default, cPanel itself doesn't have any blocking functions on Calendar connections.
    0
  • EV2agency
    All they told me was it was related to a Web Disk attempting to access CPanel itself and gave me the CPdavD code. The only 2 devices on my network using the email/domain in question are my MacBook Pro and my iPhone 12. I'm completely lost here and now I'm blacklisted again and can't even get to the CPanel to clear it.
    0
  • cPRex Jurassic Moderator
    It's important to note that there is nothing in cPanel by default that would block based on this type of traffic, so I'm really just guessing at possibilities. When you mention the Captcha code, that actually makes me think of Imunify360 being installed on the server, which is also not a cPanel tool. Here's the documentation they provide about their firewall tool: [QUOTE] Gray list is automated. If a user violates Imunify360 security rules, tries to enter the wrong password for example, then Imunify360 automatically blocks the access to this user IP-address, adding the IP-address to the Gray List. It will redirect the user to enter the
    0
  • CloudLinux Skhristich
    Hello, Please try to add your IP address to the
    0
  • cPRex Jurassic Moderator
    @CloudLinux Skhristich - I don't believe he'll have that option as he only has cPanel access to the system.
    0
  • stephanmg
    I am having EXACT same problem with A2Hosting, for me, it is going on for 3 months. They and also I have no clue why this is happening. All they tell me (every day) is it's due to false cPanel logins. This is what they see in the logfiles (different things). * I have replaced {IP-ADDRESS} and email@mydomain.com. {IP-ADDRESS} - email@mydomain.com [01/03/2021:09:31:45 -0000] "PROPFIND" FAILED LOGIN cpdavd: No encrypted password found for email@mydomain.com. 1 06:35:57 mi3-ss48 dovecot: imap-login: Aborted login (auth failed, 2 attempts in 1 secs): user=<>, method=LOGIN, rip={IP-ADDRESS}, lip={SERVER-IP}, TLS, session=1/JJNW3aMpTUoLc> {IP-ADDRESS} - email@mydomain.com [12/31/2020:10:54:40 -0000] "PROPFIND" FAILED LOGIN cpdavd: Authentication failed for user: email@mydomain.com. For your information. I have reinstalled my macOS without backup. I didn't have any accounts/connections to my websites on other devices. I also checked other devices on my networks for e-mail accounts/webdisk/caldav connections, none. If anyone can shine a light on this. Thank you so much!
    0
  • cPRex Jurassic Moderator
    @stephanmg - are you able to access the mail account normally through a tool like webmail? If so, and if you have root access, can you submit a ticket so we can do some additional testing with that on our end?
    0
  • stephanmg
    Well, I am just a customer of A2Hosting, no root access for me, only cPanel access for my domain. the mail account doesn't exist any more. I created it, but since the problems I have deleted it also. I can't test if I am able to access mail access.
    0
  • cPRex Jurassic Moderator
    You could always create a new account to test :D The host would have the best access to logs though, as they could check the mail logs to see if there are any additional details about that user that could be contributing to the issue.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post