cphulk

Can anyone tell me what cPanel Hulk does? I understand what something like fail2ban does: it analyzes logs, then makes entries into iptables to block someone's IP address. How does Hulk work and what does it protect?
Thanks, Chris Edwards

cPHulk looks for logins for PAM services. Based on your configuration, it will block an IP after a specified number of failed logins from a specific IP (or for a specific account) for a specific period of time.
__________________
-Dave cPanel Inc. Need support? Submit a request here. These forums are not an official support channel. www.cpanel.net

Hmm, interesting. What services/ports does it cover? When it bans an IP, I noticed that they can continue to try to log in, but they are blocked at the PAM level? Is there a file/log that is created that shows you which IPs are blocked?

We intentionally allow continued login attempts so as not to notify the attacker that they should start changing their strategy. In WHM, you can see the log of blocked IPs. It's in the Security Center.
__________________
-Dave cPanel Inc.

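As an added illustration (not part of the thread and not cPanel's code): a simplified Python model of the behaviour described in the replies above. It counts failed logins per IP and per account, blocks for a fixed period, and gives a blocked client the same failure answer as a bad password. The class name, thresholds, window and block duration are assumptions.

```python
import time
from collections import defaultdict, deque


class LockoutTracker:
    """Toy model of failure-count lockout keyed by source IP and by account."""

    def __init__(self, max_ip=5, max_account=15, window=300, block_for=900):
        # All four values are assumed for this example, not cPHulk defaults.
        self.limits = {"ip": max_ip, "account": max_account}
        self.window, self.block_for = window, block_for
        self.failures = defaultdict(deque)  # (kind, key) -> failure timestamps
        self.blocked_until = {}             # (kind, key) -> block expiry time
        self.block_log = []                 # admin-side record of new blocks

    def _blocked(self, kind, key, now):
        return self.blocked_until.get((kind, key), 0) > now

    def _record_failure(self, kind, key, now):
        q = self.failures[(kind, key)]
        q.append(now)
        while q and q[0] <= now - self.window:  # forget failures outside window
            q.popleft()
        if len(q) >= self.limits[kind]:
            self.blocked_until[(kind, key)] = now + self.block_for
            self.block_log.append((now, kind, key))
            q.clear()

    def attempt(self, ip, account, password_ok, now=None):
        """Return True only for a valid login from an unblocked IP and account."""
        now = time.time() if now is None else now
        if self._blocked("ip", ip, now) or self._blocked("account", account, now):
            return False  # same answer as a bad password: no hint of a block
        if password_ok:
            return True
        self._record_failure("ip", ip, now)
        self._record_failure("account", account, now)
        return False


if __name__ == "__main__":
    # Constructed sample: three failures from one IP, then a correct password.
    t = LockoutTracker(max_ip=3, window=60, block_for=120)
    for second in range(3):
        t.attempt("203.0.113.7", "alice", False, now=100 + second)
    print(t.attempt("203.0.113.7", "alice", True, now=110))  # still rejected
    print(t.block_log)
```
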
Here's an excerpt from my /usr/local/cpanel/logs/error_log. Is this anything to worry about?
Code:
2009-03-13 16:44:54 info [cphulkd] [31754] Waiting for lock on /var/cpanel/hulkdpass held by cPhulkd - processor - locking /var/cpanel/hulkdpass with pid 31753
2009-03-13 16:44:55 info [cphulkd] [31754] Lock file /var/cpanel/hulkdpass.lock now gone, try to acquire
2009-03-13 17:15:15 info [cphulkd] [7325] Waiting for lock on /var/cpanel/hulkdpass held by cPhulkd - processor - locking /var/cpanel/hulkdpass with pid 7324
2009-03-13 17:15:16 info [cphulkd] [7325] Lock file /var/cpanel/hulkdpass.lock now gone, try to acquire
2009-03-13 17:30:25 info [cphulkd] [9268] Waiting for lock on /root/.my.cnf held by cPhulkd - processor - locking /root/.my.cnf with pid 9267
2009-03-13 17:30:25 info [cphulkd] [9280] Waiting for lock on /var/cpanel/hulkdpass held by cPhulkd - processor - locking /var/cpanel/hulkdpass with pid 9273
2009-03-13 17:30:25 info [cphulkd] [9275] Waiting for lock on /var/cpanel/hulkdpass held by cPhulkd - processor - locking /var/cpanel/hulkdpass with pid 9273
2009-03-13 17:30:26 info [cphulkd] [9268] Lock file /root/.my.cnf.lock now gone, try to acquire
2009-03-13 17:30:26 info [cphulkd] [9280] Lock file /var/cpanel/hulkdpass.lock now gone, try to acquire
2009-03-13 17:30:26 info [cphulkd] [9275] Lock file /var/cpanel/hulkdpass.lock now gone, try to acquire
2009-03-13 17:45:31 info [cphulkd] [10160] Waiting on invalid lock /var/cpanel/hulkdpass.lock for 60 seconds
2009-03-13 18:14:56 info [cphulkd] [16101] Waiting for lock on /root/.my.cnf held by cPhulkd - processor - locking /root/.my.cnf with pid 16099
2009-03-13 18:14:57 info [cphulkd] [16101] Lock file /root/.my.cnf.lock now gone, try to acquire

Thanks.

Looks like some file locking issues, which may or may not be related to a bad drive. Please send in a support request so we can take a look. Thanks!
__________________
-Dave cPanel Inc.

Surely. If your provider is unable to track it down quickly, they can send it up to us.
__________________
-Dave cPanel Inc.