cPanel & WHM Version 92 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Disable Login Notifications for WHM -> cPanel Logins

John McCarthy shared this idea 4 years ago
Open Discussion

When using the "Login to cPanel" feature from WHM, it will send an email to the cPanel user saying that an unknown IP has logged in to their account.


As some companies routinely access client accounts (because they manage the clients accounts for them), this email should not get sent out for logins to cPanel via WHM.

Comments (5)

photo
1

This is a setting that should have been available from the start of the login notifications feature.


Having to go log into each account (and send out the email notifications) so that you can switch off the email notifications is unacceptable. This could easily be a tweak settings item.


I think it is extremely important to deploy this switch as soon as possible

photo
1

What version did this begin in? It's not something I've noticed when accessing my own accounts via WHM, other notification emails arrive properly.

photo
1

The "Email notification when cPanel user logs in" feature was added in version 11.48 in response to this request. It has to be enabled by the cPanel user. From my perspective if the user asks for alerts when their account is accessed, subverting that for root presents a moral quandary for me.


Are you seeing your customers enable this and then get confused that they're seeing notifications of your login?

photo
1

Thanks, good to know. Not something I've had a problem with personally, although I wasn't aware this existed (shame on me!) and from the feature request I assumed it was something enabled for all users by default.


I agree with you on the surface. However I also don't think it's cPanel's place to "play God" and decide how a business runs their own cPanel server. There may be a legitimate reason for frequent WHM access to customer's accounts and I'd suspect in most cases, customers have enabled this option to be informed of unexpected external logins (not from their hosting provider).


Personally, I'd like to respect our customer's privacy and keep it enabled. However it would be nice to show a confirmation box within WHM before accessing a customer's cPanel if these notifications are enabled (e.g. "This user (someusername) has enabled login notifications, do you want to continue?").

photo
2

I think it's a bit of a stretch to say we're "playing God", but I do understand where you're coming from. If/when this gets enough support to get implemented, we'll definitely take this into consideration.

photo
photo
1

I completely understand how for some, disabling login notifications for root is not moral. However, we offer managed services to clients who do not understand what the login means.


I believe the notifications are enabled by default once the account is created.

photo
1

I just tested and it looks like they are not enabled by default, at least in versions 58 and 60.

photo
1

Ah, my bad. You are right.

photo
photo
1

Perhaps one issue here is that the connection between this notification feature appearing in cPanel Contact Information Preferences, and cpHulk being enabled, is not obvious in any of the documentation I have seen (please correct me if I have missed something obvious, I often do !!)

Since the notification seems to be linked to cpHulk, perhaps a switch would be easier to include in the cpHulk configuration rather than Tweak Settings ?


And we probably need an emoji for "Give benny a hug"

photo
1

I agree that inside in cPHulk might be a better option. I think the issue happened for me because we got a new shop IP that was not whitelisted. This is when clients contacted us asking why an unknown IP logged into their account.

photo
1

You're right, it's not at all obvious here: https://documentation.cpanel.net/display/ALD/Contact+Information


I'll get a documentation case submitted to make sure that's obvious. Thanks for that!

photo
1

Whilst whitelisting an IP is an obvious, and probably the preferred toggle, not everyone may be fortunate enough to have whitelistable (is that a word?) static IPs available to their admin/root WHM logins - hence the apparent need for some alternative arrangement :)

photo