How to enable login email alert on server – WHM and SSH login alert

We can setup an email alert for every login attempt via SSH and WHM to server. This is an important security concern for server owners to protect the server from unknown login attempts. By setup this email alert, every server owner will get an email alert regarding the login attempts to server every time. We can set up the WHM login alert via CSF and also the SSH login attempt by editing the “.bashrc” file on the server.

How to setup WHM login email alert on server?

We can setup the WHM login email alert by configuring the CSF installed on the server. There is an option in CSF configuration file “LF_CPANEL_ALERT” to setup the same.

Setup via WHM control panel.

Step I : Login to WHM control panel.
Step II : Go to

Home >> Plugins >> ConfigServer Security & Firewall

Step III : Edit the “Firewall configuration


And change the value of “LF_CPANEL_ALERT” directive from ‘0‘ to ‘1‘. Please see the image for more details.


Step Iv : Restart the CSF.

Setup via server command-line.

Step I : SSH to server as root user.
Step II : Open the CSF configuration file.

vi /etc/csf/csf.conf
# LF_CPANEL_ALERT_USERS. An IP address will be reported again 1 hour after the
# last tracked access (or if lfd is restarted)

# If a LF_CPANEL_ALERT event is triggered, then if the following contains the
# path to a script, it will run the script and passed the ip and username and
# the DNS IP lookup result as 3 arguments
# The action script must have the execute bit and interpreter (shebang) set

# This is a comma separated list of accounts to send alerts for. To send an
# alert for all accounts set this to "all"

Step III : Restart the CSF to reflect the changes we made.

csf -r

That’s it.

How to enable SSH email alert on server ?

We have an option to setup email alert when anybody loged in to server via SSH by editing the ‘.bashrc‘ file.

Step I : SSH to server as root user.
Step II : Open the “.bashrc” file and add the following script to send alert email to your email ID.

echo 'ALERT - SSH access detected to (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" [email protected]

Step III : Execute the following for instant result.

source .bashrc



That’s it.

Related Links:
How to check cPanel rpm works or not – cPanel script to check rpm
Important WHM/cPanel Scripts
How to stop Open relay in a cPanel server – /scripts/fixrelayd

Post navigation

Arunlal Ashok

DevOps Engineer. Linux lover. Traveller.
Always happy for an open discussion! Write to arun ((@)) crybit ((dot)) com.

Leave a Reply

Your email address will not be published. Required fields are marked *