Skip to main content

Login to whm redirects to undefined

Jaan Raadik
Hi, I'm experiencing an issue where sometimes logging in will redirect me to /undefined/undefined For example, login page domain.com:2087 will redirect to domain.com:2087/undefined/undefined, which will display a login page again, even though the login was reported as successful. I don't believe it could be my ip trying too many times, as it happens when I haven't logged in for days at a time, however I have had a few emails sent reporting brutr force attempts against my username. Is there anything you guys can suggest might be the issue here? It happens for some customers logging into webmail also. Hope someone can help! Thanks in advance.

Comments

10 comments

Date Votes
  • 24x7server
    Hello, Have you tried to update cPanel on your server ? Please try to update it and check this
    /scripts/upcp "force
    0
  • cPanelMichael
    Hello :) Have you been able to reproduce this issue across multiple browsers on multiple workstations? Do you notice any error messages in /usr/local/cpanel/logs/login_log when this occurs? Thank you.
    0
  • Jaan Raadik
    Hi guys, thanks for the replies. Whilst I can't confirm it I believe this was happening when my account had been locked out, since I changed the SSH port that the brute force attempts were against using my account, the problems disappeared. It did occur across all devices I tried to access with, from a variety of IPs, but I would assume my account was simply being locked out. Thanks for your help!
    0
  • cPanelMichael
    Hello :) Do you see any errors in /usr/local/cpanel/logs/login_log at the time this occurred? cPHulk should not redirect you to an undefined web page. It should simply state "Login Failed". Thank you.
    0
  • Jaan Raadik

    *.*.*.* - root [07/23/2015:06:05:06 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.* *.*.*.* - root [07/23/2015:06:05:10 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
    That was a login attempt from my IP address (obfuscated) which was redirected to domain.com:2087/undefined. attempting to login again redirected to domain.com:2087/undefined/undefined This occurred following receiving a notification of a root user brute force attack, from an IP other than my own. This is however not present within this log (presumably because this log is for WHM logins not failed sshd attempts?), and whilst the log says my IP was blocked for brute force attempts also, I never received email notification of this, along with the first attempt to login resulting in a IP lockout.
    *.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.* *.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.* *.*.*.* - root [07/23/2015:06:19:54 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.* *.*.*.* - root [07/23/2015:06:05:06 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.* *.*.*.* - root [07/23/2015:06:05:10 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP *.*.*.*
    0
  • cPanelMichael
    Are you accessing cPanel from a specific URL (e.g. from a browser bookmark/favorite entry) or do you enter the URL directly in the browser with the IP Address and port? Thank you.
    0
  • Jaan Raadik
    I login by typing the URL in the each time
    0
  • FernandoBF
    Hi, I have sometimes the same issue in my server. If i make login in webmail with my smartphone ( via browser ), it say's "login sucess" but came back to the login page of webmail ( and the URL in that time is
    0
  • Jaan Raadik
    Hi Fernando, Only real advice I can give is to check cpHulk - failed login attempts seem to cause the issue for me as I had around 100 failed logins against my ftp port a day. It seemed to be a window following this that undefined redirect occurred, leading me to believe the account was being temporarily blocked. Usually these failed alerts are emailed, perhaps check your spam folder. Further than this I can't help sorry!
    0
  • cPanelMichael
    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post