Skip to main content

PublicAPI / API 2 / Access Denied error

Comments

15 comments

  • Kheang
    Ok so I fixed this issue by going in the Tweak settings under security and putting this to "On": Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM. It's odd that it was working before though, then suddenly stopped working at all until I put that. Am I doing this correctly if I use "root" and the accesshash method will this be unsecure in anyway if my script communicates locally via 127.0.0.1 ? I just want to make sure this will not be a security issue and if multiple users use the script at the same time will it cause a problem?
    0
  • Kheang
    Ok scratch what i said about it working again, it still doesn't work. I have no idea what is causing this Access Denied error. I thought my previous fix worked but it stopped working after a while again. But then came back. Any help would be appreciated!
    0
  • cPanelMichael
    Do you notice any error messages in /usr/local/cpanel/logs/login_log or /usr/local/cpanel/logs/error_log when the access denied message occurs? Thank you.
    0
  • Kheang
    [quote="cPanelMichael, post: 1629972">Do you notice any error messages in /usr/local/cpanel/logs/login_log or /usr/local/cpanel/logs/error_log when the access denied message occurs? Thank you.
    Wow this helps a lot! In the login log i see this: 127.0.0.1 - root [04/25/2014:19:08:08 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1 127.0.0.1 - root [04/25/2014:19:08:10 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1 127.0.0.1 - root [04/25/2014:19:08:37 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1 So I am assuming that because of the repeated queries I am doing it thinks it is brute force and locks it even if it comes from 127.0.0.1. So I am assuming i need to whitelist this IP and it should work all the time from now on? Do I add it in the cPHulk Brute Force Protection? Thank you a lot for your help!
    0
  • KostonConsulting
    The PublicAPI classes aren't typically meant to be run on the cPanel/WHM server. You could whitelist 127.0.0.1 (the local server) but that could allow others with shell access to hammer the API. You should reach out to integration At cPanel dot NET to see if they can walk you through exactly what you are trying to accomplish.
    0
  • Kheang
    [quote="KostonConsulting, post: 1630572">The PublicAPI classes aren't typically meant to be run on the cPanel/WHM server. You could whitelist 127.0.0.1 (the local server) but that could allow others with shell access to hammer the API. You should reach out to integration At cPanel dot NET to see if they can walk you through exactly what you are trying to accomplish.
    Thank you I will look into that!
    0
  • Kheang
    Hmm I still have the Access Denied error even after I have added 127.0.0.1 in the whitelist under Security Center " cPHulk Brute Force Protection... where else do I need to put it to fix this? 127.0.0.1 - root [04/28/2014:17:07:35 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1 Any help is appreciated, thanks!
    0
  • mgastkemper
    [quote="Kheang, post: 1631551">Hmm I still have the Access Denied error even after I have added 127.0.0.1 in the whitelist under Security Center " cPHulk Brute Force Protection... where else do I need to put it to fix this? 127.0.0.1 - root [04/28/2014:17:07:35 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1 Any help is appreciated, thanks!
    Try clearing the failed logins.
    0
  • Kheang
    [quote="mgastkemper, post: 1631731">Try clearing the failed logins.
    Ok I did so and tried some tests again and the same problem occured after a while. 127.0.0.1 - root [04/28/2014:19:52:17 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1 I am wondering is there any other places i should whitelist 127.0.0.1 other than cPHulk Brute Force Protection?
    0
  • mgastkemper
    [quote="Kheang, post: 1631741">Ok I did so and tried some tests again and the same problem occured after a while. 127.0.0.1 - root [04/28/2014:19:52:17 -0000] "POST /json-api/cpanel HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 127.0.0.1 I am wondering is there any other places i should whitelist 127.0.0.1 other than cPHulk Brute Force Protection?
    I don't now another place. cPHulk stores it's data in a MySQL database accessible by PHPMyAdmin. Searching for 127.0.0.1 in the tables can give you a solution.
    0
  • Kheang
    [quote="mgastkemper, post: 1631992">I don't now another place. cPHulk stores it's data in a MySQL database accessible by PHPMyAdmin. Searching for 127.0.0.1 in the tables can give you a solution.
    I just did a search and could not find anything that shows me why it would be blocked in the cphulkd database. The whitelist is listed as 127.0.0.1 with 0 in isprefix.
    0
  • Kheang
    Anyone else have any other idea what could be causing this problem, even after I have whitelisted the IP and flushed the DB?
    0
  • Kheang
    Ok so just an update, I have contacted my hosting company for some help and they have tried the following: I have gone ahead and whitelisted the IP at Cphulkd and firewall level (127.0.0.1). I have tested it and still get the same error. I am out of ideas. It seems like it is ignoring the whitelist.
    0
  • DavidN.
    (For internal reference, this is connected to case 100089.)
    0
  • Kheang
    Ok so I had another thought maybe it might help someone help me figure out this issue. The problem is not a failed login or excessive failed login block. It is basically blocking me because i am logging in too many times (with the right authentication). So how do I tell cpanel to not block my IP 127.0.0.1 even if I have the correct login information? I also noticed in the logins table whenever I run my script, an entry is added the info is followed: USER: root IP: (empty) SERVICE: system STATUS: 0 LOGINTIME: (time) Hope it gives someone any ideas.
    0

Please sign in to leave a comment.