Brute force not working

Discussion in 'Security' started by Wabun, Jul 16, 2015.

  1. Wabun

    Wabun Well-Known Member

    I have been monitoring my 4 DNS-only servers closely for weeks now, and my conclusion is that cPHulk Brute Force is not working. The Failed Logins list stays empty. I wonder what could be wrong? MySQL perhaps; what should I look for? I have run the 'forced' update several times, but it doesn't help either.

    I have set up a new DNS-only server for testing, and on that one cPHulk BF works perfectly.

    Forgot to mention that I use CSF, but if I disable the firewall, the list stays empty!

    Now it is getting interesting: I installed CSF on the test DNS server and there were no more IPs in the list. I removed CSF and rebooted, but still no more IPs are listed in cPHulk BF.....

    Why?

    Edit: not ticked both boxes: Block IP addresses at the firewall level if they trigger brute force protection

    Another edit: I removed the lock file and did a new installation, and cPHulk BF works again. I assume I need to contact CSF; it looks like something is breaking this functionality when installing/running CSF. I suspect the same situation on all my production servers.
     
    #1 Wabun, Jul 16, 2015
    Last edited: Jul 16, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Have you verified that brute force attempts and failed logins are occurring on the existing DNS-Only servers? Do you notice any error messages in /usr/local/cpanel/logs/cphulkd_errors.log when enabling/disabling cPHulk through WHM?

    Thank you.
     
  3. Wabun

    Here are my findings; I hope you have more suggestions to fix this.

    /scripts/restartsrv_cphulkd --stop; /scripts/restartsrv_cphulkd --start

    # Create a debug file
    touch /var/cpanel/hulkd/debug

    Waiting a few hours....

    cat /var/cpanel/hulkd/debug
    empty

    # cat /usr/local/cpanel/logs/cphulkd_errors.log
    empty

    /usr/local/cpanel/bin/hulkdsetup
    hulkdsetup: database schema is up to date.

    ps aux | grep -i cphulk
    root 4544 0.0 0.6 77092 11720 ? S 01:19 0:00 cPhulkd -processor
    root 21694 0.0 0.0 103248 852 pts/0 S+ 12:48 0:00 grep -i cphulk

    /scripts/restartsrv_cphulkd --stop; /scripts/restartsrv_cphulkd --start
    no errors

    cat /usr/local/cpanel/logs/cphulkd.log
    Nothing blocked; only the whitelisted ones show up.

    mysql
    connect cphulkd
    mysql> select IP, LOGINTIME from logins order by LOGINTIME;
    Empty set (0.00 sec)
    mysql> select IP, BRUTETIME from brutes order by BRUTETIME;
    Empty set (0.00 sec)
    mysql> exit

    mysqlcheck -c cphulkd
    cphulkd.auths OK
    cphulkd.blacklist OK
    cphulkd.brutes OK
    cphulkd.good_logins OK
    cphulkd.ip_lists OK
    cphulkd.login_track OK
    cphulkd.logins OK
    cphulkd.report OK
    cphulkd.whitelist OK
    # mysqlcheck -r cphulkd
    cphulkd.auths OK
    cphulkd.blacklist OK
    cphulkd.brutes OK
    cphulkd.good_logins OK
    cphulkd.ip_lists OK
    cphulkd.login_track OK
    cphulkd.logins OK
    cphulkd.report OK
    cphulkd.whitelist OK

    cat /var/cpanel/hulkd/debug
    empty

    Waited a few days, checked MySQL, nothing logged.

    Used a Tor client, used a proxy client, tried to log in as root, nothing logged!
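
The question raised in this thread, whether failed logins are occurring without being recorded, can be checked by comparing the system auth log against cPHulk's `logins` table. The script below is an added example, not part of the original thread and not cPanel's code; it assumes the failures of interest are SSH password failures logged by sshd, and its log lines, host name `dns1` and file names are constructed.

```shell
#!/bin/sh
# Print "<count> <ip>" per source IP for sshd "Failed password" lines on stdin.
# The IP is taken after the LAST "from" token, so a login name of "from" cannot shift it.
failed_login_counts() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             for (i = NF - 1; i > 0; i--)
                 if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k2,2
}

# $1 = minimum failures, $2 = auth log, $3 = file of IPs cPHulk recorded, one per line
# (exported with the query from the post, e.g.: mysql -N -B cphulkd -e 'select IP from logins').
# An empty or missing $3 means "nothing recorded", which is the situation in this thread.
unrecorded_ips() {
    failed_login_counts < "$2" |
        awk -v min="$1" -v rec="$3" '
            BEGIN { while ((getline ip < rec) > 0) seen[ip] = 1 }
            $1 >= min && !($2 in seen) { print $2 }'
}

# Constructed sample data: documentation address ranges, hypothetical host "dns1".
demo() {
    dir=$(mktemp -d)
    cat > "$dir/secure" <<'EOF'
Jul 16 01:20:11 dns1 sshd[4711]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jul 16 01:20:14 dns1 sshd[4711]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jul 16 01:20:19 dns1 sshd[4713]: Failed password for invalid user from from 203.0.113.7 port 51240 ssh2
Jul 16 01:21:02 dns1 sshd[4720]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2
Jul 16 01:25:40 dns1 sshd[4731]: Accepted password for root from 192.0.2.10 port 50022 ssh2
EOF
    : > "$dir/recorded.txt"          # empty export, like the "Empty set" in the post
    unrecorded_ips 3 "$dir/secure" "$dir/recorded.txt"
    rm -rf "$dir"
}
demo
```

Any IP this prints has failed at least the given number of times in the auth log yet is absent from cPHulk's records, which separates "no attacks are happening" from "cPHulk is not seeing them".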
     
  4. Wabun

    Upgraded to 11.50 and it seems to work again.
     
  5. cPanelMichael

    It looks like it may have been an isolated occurrence, as I do not see any other reports about this on cPanel version 11.48. I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.
     