cPanel is capable of sending notifications for a wide variety of changes to the server or possible issues which you may need to be aware of. If you wish to customize which notifications you receive from cPanel and how you receive them, there are multiple tools to be aware of.
Many cPanel alerts and emails for changes to cPanel accounts or server configurations are handled by the Contact Manager tool.
The contact manager tool allows you to separate different kinds of alerts into four tiers: disabled, low, medium and high. It also allows you to customize which tiers of importance generate alerts through certain notification methods.
This section of the Contact Manager tool lists which methods of notification cover which tiers of importance via the ‘Receives’ drop-down menu. Different methods can even be disabled entirely if you so choose. The ‘Destination’ for each method of notification is decided through the Basic WebHost Manager Setup tool in WHM in the ‘Contact Information’ section which may be customized as you see fit. Any changes made to this section of the tool may be finalized using the ‘Save’ button at the bottom of the page.
This section of the Contact Manager tool lists the different types of notifications that may be sent by cPanel on your server. A slightly more detailed list of what triggers each notification can be found in this cPanel documentation:
Reference : https://documentation.cpanel.net/display/ALD/Contact+Manager
Each Alert Type can have its Importance adjusted through the four tiers, and you are able to modify multiple Alert Types at once using the checkboxes to the left of each option. Alert Types also show an Alert List section with icons for each method of notification enabled for its importance tier as a friendly reminder. Any changes made to this section of the tool may be finalized using the ‘Save’ button at the bottom of the page.
Edit System Mail Preferences
Aside from the notifications covered by Contact Manager, the server may also send out notifications to special email addresses on the server’s hostname. The Edit System Mail Preferences tool allows you to redirect mail being sent to these system-level addresses. There are three addresses covered by this tool:
- root@HOSTNAME.TLD – The root system email account receives notifications about problems and activity on the server. WHM uses this address as the server administrator’s primary contact address.
- nobody@HOSTNAME.TLD – If you disable the suEXEC feature when a CGI script sends an email and it receives a bounce message in response, the system delivers the bounce message to the nobody email account.
- cpanel@HOSTNAME.TLD – The cpanel email account receives alerts that WHM sends about users’ cPanel accounts (for example, quota and bandwidth overage notices).
Our cPanel servers typically also include the ConfigServer Security & Firewall (CSF) software which protects your server against possible compromise or malicious activity. This robust firewall also includes the Login Failure Daemon which monitors various elements on the server to alert you of possible abusive activity. Emails sent by this tool typically mention ‘lfd on HOSTNAME.TLD’ within the Subject and are sent to the ‘root@HOSTNAME.TLD’ address on the server ( again, this can be forwarded using the Edit System Mail Preferences tool ).
Examples can include:
- Excessive resource usage: USERNAME
- Suspicious process running under user USERNAME
- Suspicious File Alert
- Excessive processes running under user USERNAME
If you feel that you are receiving too many emails from LFD or, would like to adjust the limits at which LFD sends an email. You can modify LFD’s rules through the Firewall configuration of the server using the ConfigServer Security & Firewall tool in WHM under the ‘Plugins’ section. Navigate to the ‘Firewall Configuration’ button under the ‘csf – ConfigServer Firewall’ section to view and edit the firewall configuration.
There are various alerts that can be activated, deactivated, or customized within the firewall configuration. It can be daunting to new users but each entry should contain an explanation of its purpose. The following sections within the firewall configuration contain the most common alerts which you may wish to adjust:
- Login Failure Blocking and Alerts
- Login Tracking
- Connection Tracking
- Process Tracking