cwp user login failed suddenly on over than 6 CWP dedicated different servers

Hello there
We are a webhosting company & we have more than 6 CWP servers
Suddenly we get a strange problem on all our CWP servers
The problem is that all users couldnt be able to login to domain cpanel
It throws "Failed" error & when watching cwp log file "/usr/local/cwpsrv/logs/error_log" it shows the following without any descriptive error
==================================================================================================================================

2024/08/14 21:35:33 [notice] 7471#0: *2854 "^/v1/([^/]+)/?$" matches "/v1/valid_user/", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:33 [notice] 7471#0: *2854 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:33 [info] 7471#0: *2854 client 127.0.0.1 closed keepalive connection
2024/08/14 21:35:39 [notice] 7472#0: *2859 "^/v1/([^/]+)/?$" matches "/v1/valid_user/", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:39 [notice] 7472#0: *2859 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:39 [info] 7472#0: *2859 client 127.0.0.1 closed keepalive connection
2024/08/14 21:36:20 [notice] 7471#0: *2868 "^/v1/([^/]+)/?$" matches "/v1/loginfail/", client: 127.0.0.1, server: localhost, request: "POST /v1/loginfail/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:36:20 [notice] 7471#0: *2868 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/loginfail/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:36:20 [info] 7471#0: *2868 client 127.0.0.1 closed keepalive connection


==================================================================================================================================
Please notice that the user could be able to login with the same refused password within ftp to the same server, which proves that the user password is correct


i have tried the following but not sucsess
1) Suspend & unsuspend account
2) Change user default package
3) Deleted the user & recreated it
4) Change CWP main php to different version 7.2, 7.3, 7.4, & 8.2
5) Restart CWSRV service ( systemctl restart cwpsrv.service) & php-fpm ( systemctl restart cwpsrv-phpfpm.service)
6) Changed mysql root password
7) Update CWP (/scripts/update_cwp)
Rebuild users (/scripts/cwpsrv_rebuild_user_conf)
9) Rebuild php-fpm users
10) Webserver set to apache & uninstalled nginx
11) Deleted ".conf" user directory
12) Confirmed user "tmp" directory permissions
13) Regenerate server hostname ssl (/scripts/generate_hostname_ssl)
14) Disabled csf firewall
15) Disabled apache modsecurity
16) Repaired all databases including "cwp_root" & "oauthv2" databases
Nothing of the above solved the issue

OS Type : Linux
OS Versions : tested on CentOS 7 & Alma 8

Any help will be appretiated

hi, any update, i have same problem,

even I am facing same issue

Hello there
We are a webhosting company & we have more than 6 CWP servers
Suddenly we get a strange problem on all our CWP servers
The problem is that all users couldnt be able to login to domain cpanel
It throws "Failed" error & when watching cwp log file "/usr/local/cwpsrv/logs/error_log" it shows the following without any descriptive error
==================================================================================================================================

2024/08/14 21:35:33 [notice] 7471#0: *2854 "^/v1/([^/]+)/?$" matches "/v1/valid_user/", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:33 [notice] 7471#0: *2854 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:33 [info] 7471#0: *2854 client 127.0.0.1 closed keepalive connection
2024/08/14 21:35:39 [notice] 7472#0: *2859 "^/v1/([^/]+)/?$" matches "/v1/valid_user/", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:39 [notice] 7472#0: *2859 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/valid_user/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:35:39 [info] 7472#0: *2859 client 127.0.0.1 closed keepalive connection
2024/08/14 21:36:20 [notice] 7471#0: *2868 "^/v1/([^/]+)/?$" matches "/v1/loginfail/", client: 127.0.0.1, server: localhost, request: "POST /v1/loginfail/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:36:20 [notice] 7471#0: *2868 rewritten data: "/v1/index.php", args: "method=", client: 127.0.0.1, server: localhost, request: "POST /v1/loginfail/ HTTP/1.1", host: "127.0.0.1:2302"
2024/08/14 21:36:20 [info] 7471#0: *2868 client 127.0.0.1 closed keepalive connection


==================================================================================================================================
Please notice that the user could be able to login with the same refused password within ftp to the same server, which proves that the user password is correct


i have tried the following but not sucsess
1) Suspend & unsuspend account
2) Change user default package
3) Deleted the user & recreated it
4) Change CWP main php to different version 7.2, 7.3, 7.4, & 8.2
5) Restart CWSRV service ( systemctl restart cwpsrv.service) & php-fpm ( systemctl restart cwpsrv-phpfpm.service)
6) Changed mysql root password
7) Update CWP (/scripts/update_cwp)
Rebuild users (/scripts/cwpsrv_rebuild_user_conf)
9) Rebuild php-fpm users
10) Webserver set to apache & uninstalled nginx
11) Deleted ".conf" user directory
12) Confirmed user "tmp" directory permissions
13) Regenerate server hostname ssl (/scripts/generate_hostname_ssl)
14) Disabled csf firewall
15) Disabled apache modsecurity
16) Repaired all databases including "cwp_root" & "oauthv2" databases
Nothing of the above solved the issue

OS Type : Linux
OS Versions : tested on CentOS 7 & Alma 8

Any help will be appretiated

Hello there
I have found the source & solution for this problem & i would like to share it with you
The problem occur on CWP Version 0.9.8.1184 & solution is to downgrade CWP to version 0.9.8.1177
Steps to solve this issue :

1) Downgrade CWP to previous version & reboot the server
cd /usr/local/cwpsrv/htdocs
chattr -i -R /usr/local/cwpsrv/htdocs
wget http://static.cdn-cwp.com/files/cwp/el7/cwp-el7-0.9.8.1177.zip 
unzip -o -q cwp-el7-0.9.8.1177.zip
rm -f cwp-el7-0.9.8.1177.zip
/scripts/phpfpm_rebuild_user_conf
/scripts/cwpsrv_rebuild_user_conf
reboot

2) Change user password
3) Try login again & you will find the problem get solved
4) Dont forget to stop auto update temporarly untill problem get fixed

Best regards

Only time I've seen that has been from a WordPress firewall that redirects to 127.0.0.1

If you redirect everything to 127.0.0.1, life suddenly becomes a whole lot more peaceful...
(until the trouble reports start rolling in.)