SOLVED [CPANEL-25503] cPHulk is one-day blocking whitelisted address for maximum failed authentications

rahnev

I have the following problem:
- The server IP is added to the whitelist in cPHulk
- Even so, cPHulk blocked the IP for one day in iptables

Here is a log entry:

[2019-03-26 07:45:42 +0100] info [cPhulkd] Login Blocked: IP reached maximum auth failures for a one day block [Service]=[dovecot] [Local IP Address]=[1.1.1.1] [Local Port]=[143] [Remote IP Address]=[2.2.2.2] [Remote Port]=[34169] [Authentication Database]=[mail] [Username]=[[email protected]] (30/30 failures) (blocked until [Wed Mar 27 06:45:42 2019 UTC/Wed Mar 27 07:45:42 2019 LOCAL])

How is this possible? Is there a way to understand why cPHulk blocked a whitelisted IP?

Have a nice day.
 

cPanelMichael

Administrator
Staff member
Hello @rahnev,

Can you open a support ticket so we can take a closer look at the system to see why cPHulk isn't respecting the whitelisted IP address? You can post the ticket number here and we'll link this thread to it.

Thank you.
 

cPanelMichael

Hello @rahnev,

Thank you for opening the support ticket. Internal case CPANEL-26633 CPANEL-25503 was opened to report an issue where cPHulk adds one-day blocks when whitelisted IP addresses reach the maximum number of authentication failures. I'll monitor this case and update this thread with more information as it becomes available.

Thank you.
 

cPanelMichael

Hello,

To follow up, this was fixed in cPanel & WHM version 80 as part of case CPANEL-25503:

Fixed case CPANEL-25503: Fix memory issues with cphulkd and brute force attacks.

The full change log is available at:

cPanel & WHM version 80 Change Log

Thank you.
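
On servers that have not yet reached the fixed version, the condition reported in this thread can be detected from the log itself. The following is an added example, not part of the thread and not cPanel's code: it parses "Login Blocked" entries in the format quoted in the first post and reports those whose remote address falls inside the whitelist. The whitelist is assumed to be supplied by the operator as a list of addresses or CIDR ranges, and the sample log lines are constructed with documentation IP ranges.

```python
import ipaddress
import re

# "[Key]=[Value]" pairs as in the log entry quoted in the thread; the value
# pattern tolerates one nested bracket pair (e.g. a bracketed username).
FIELD_RE = re.compile(r"\[([^\[\]=]+)\]=\[((?:[^\[\]]|\[[^\[\]]*\])*)\]")
TS_RE = re.compile(r"^\[([^\]]+)\]")

def find_whitelisted_blocks(lines, whitelist):
    """Return 'Login Blocked' entries whose remote IP is inside the whitelist."""
    nets = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    hits = []
    for line in lines:
        if "Login Blocked:" not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        try:
            remote = ipaddress.ip_address(fields.get("Remote IP Address", ""))
        except ValueError:
            continue  # missing or malformed address: skip rather than guess
        if any(remote.version == n.version and remote in n for n in nets):
            ts = TS_RE.match(line)
            hits.append({
                "time": ts.group(1) if ts else None,
                "remote": str(remote),
                "service": fields.get("Service"),
                "username": fields.get("Username"),
            })
    return hits

# Constructed sample lines modelled on the entry in the first post.
_PREFIX = ("[2019-03-26 07:45:42 +0100] info [cPhulkd] Login Blocked: IP reached "
           "maximum auth failures for a one day block [Service]=[dovecot] "
           "[Local IP Address]=[198.51.100.5] [Local Port]=[143] ")
_SUFFIX = (" [Remote Port]=[34169] [Authentication Database]=[mail] "
           "[Username]=[user@example.test] (30/30 failures)")
SAMPLE_LOG = [
    _PREFIX + "[Remote IP Address]=[192.0.2.10]" + _SUFFIX,    # whitelisted, yet blocked
    _PREFIX + "[Remote IP Address]=[198.51.100.77]" + _SUFFIX,  # not whitelisted
    _PREFIX + "[Remote IP Address]=[]" + _SUFFIX,               # malformed entry
]
SAMPLE_WHITELIST = ["192.0.2.10", "203.0.113.0/24"]  # assumed operator-supplied list

if __name__ == "__main__":
    for hit in find_whitelisted_blocks(SAMPLE_LOG, SAMPLE_WHITELIST):
        print("whitelisted IP blocked:", hit)
```

Any hit is a block that the whitelist should have prevented, which is the behaviour tracked in case CPANEL-25503.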