New server still unable to login

Dear Hestia Community,

I am writing to inform you of a persistent issue I am facing with HestiaCP, a problem that has unfortunately disrupted my access to the system.

Initially, following a successful installation, the HestiaCP panel operated seamlessly. However, after a few days, a significant problem emerged: the panel started blocking my password, thereby denying me access to the system. Despite my attempts to resolve this situation, the issue persists.

In my efforts to regain access, I diligently followed a series of steps:

  1. Verified whether my IP address had been blocked and promptly removed it from the firewall. Subsequently, I updated the firewall rules. Unfortunately, this measure did not resolve the problem.

  2. Changed my password, hoping to regain access. Regrettably, even after this modification, HestiaCP continued to deny my login attempts.

  3. Allowed my IP address in the ‘/etc/fail2ban/jail.local’ configuration file.

  4. Also included my IP address in the ‘$HESTIA/data/firewall/excludes.conf’ file to ensure it was exempted from restrictions.

  5. It is important to note that 2-factor authentication, which was initially enabled for my user account, has been disabled. Despite these efforts, the issue persists and affects every user account, regardless of who attempts to log in.

  6. Reboot the server. Still no luck.

Despite all the steps I have taken, I am still unable to log in; the page simply loops back to the login screen.

I kindly request your prompt assistance in resolving this matter. Your support is invaluable to me, and I greatly appreciate your attention to this issue.

Best regards,


I have successfully identified the root cause of the problem. The main issue stems from HestiaCP ceasing to function after a specific duration if a password longer than nine characters is used.

When a custom password created on my keyboard is employed, HestiaCP eventually blocks all accounts. To address this, I plan to allow HestiaCP to generate a new password and observe if the issue recurs.

Clearly, this situation points to a software bug that requires urgent attention.

Best regards,


Check /var/log/hestia/auth.log

Enough disk space availble?

Allow the use of cookies

If your IP static?

The primary issue arises from HestiaCP ceasing to function after a specific duration if a password longer than nine characters is employed.

I am not aware of any password requiring more then 9 characters minimum length is set to 8…

Feel free DM me with server details so I can check it …

yes there is enough hdd space.

I’m unable to send you PM.

And now?

I don’t see any thing wrong:

Except the:
2023/10/23 13:09:20 [error] 2306#0: *43 FastCGI sent in stderr: “PHP message: PHP Warning: Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 268” while reading response header from upstream, client: xxxxxxx, server: _, request: “POST /login/ HTTP/2.0”, upstream: “fastcgi://unix:/run/hestia-php.sock:”, host: “xxxxxxx:8083”, referrer: “https://xxxx:8083/login/

1 Like

That´s strange. If I encounter this problem again, I will promptly inform you ( Before I make any changes to the server…). This isn’t the first time it has happened to me; in fact, it’s the third occurrence. I have gone to the extent of reinstalling the server three times. Moreover, it’s important to note that I don’t host any additional services on this server, except for a few domains and one or two emails that I’ve created. I haven’t even utilized the mail server to send emails.

Thank you for taking the time; it’s much appreciated.

I found some code that should not exists please try if you can login now fine

1 Like

Confirmed: I am now able to log in. Thank you! Please inform me about the injected code that should not be a part of HestiaCP.

Will make a PR again main branch and update the release …

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.