SOLVED [CPANEL-25503] cPHulk is one-day blocking whitelisted address for maximum failed authentications

rahnev · Mar 26, 2019

I have the following problem:
- server ip added to whitelist in cPHulk
- even though cPHulk blocked the IP for one day in iptables

Here is a log entry:

[2019-03-26 07:45:42 +0100] info [cPhulkd] Login Blocked: IP reached maximum auth failures for a one day block [Service]=[dovecot] [Local IP Address]=[1.1.1.1] [Local Port]=[143] [Remote IP Address]=[2.2.2.2] [Remote Port]=[34169] [Authentication Database]=[mail] [Username]=[[email protected]] (30/30 failures) (blocked until [Wed Mar 27 06:45:42 2019 UTC/Wed Mar 27 07:45:42 2019 LOCAL])

How this is possible. Is there a way to understand why cPHulk blocked a whitelited IP?

Have a nice day.

cPanelMichael · Mar 27, 2019

Hello @rahnev,

Can you confirm if the whitelisted IP address continues to appear in WHM >> cPHulk Brute Force Protection >> Whitelist Management? Or, was it automatically removed from the whitelist?https://10.2.32.184:2087/cpsess5330651649/scripts7/cphulk

Thank you.

rahnev · Mar 28, 2019

Hi @cPanelMichael,

yes the whitelisted IP continues to appear in WHM >> cPHulk Brute Force Protection >> Whitelist Management.

cPanelMichael · Mar 28, 2019

Hello @rahnev,

Can you open a support ticket so we can take a closer look at the system to see why cPHulk isn't respecting the whitelisted IP address? You can post the ticket number here and we'll link this thread to it.

Thank you.

rahnev · Mar 29, 2019

Hi @cPanelMichael,

I opened a support ticket.
Your support request ID: 11791183

Thanks.

cPanelMichael · Apr 8, 2019

Hello @rahnev,

Thank you for opening the support ticket. Internal case ~~CPANEL-26633~~ CPANEL-25503 was opened to report an issue where cPHulk adds one-day blocks when whitelisted IP addresses reach the maximum number of authentication failures. I'll monitor this case and update this thread with more information as it becomes available.

Thank you.

cPanelMichael · Jul 9, 2019

Hello,

To follow-up, this was fixed in cPanel & WHM version 80 as part of case CPANEL-25503:

Fixed case CPANEL-25503: Fix memory issues with cphulkd and brute force attacks.

The full change log is available at:

cPanel & WHM version 80 Change Log

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
S	New Thread cPanel password change	Security	0	Today at 3:02 AM
C	Malware scanners for cPanel - what options do I have right now?	Security	5	Aug 31, 2023
J	In Progress CPANEL-43160 - cPHulk database issues leading to high cpu user for /usr/sbin/nft --json list ruleset	Security	2	Aug 24, 2023
K	Modsecurity and cpanel questions	Security	3	Aug 19, 2023
N	malicious attacks that changed my cpanel password	Security	3	Jul 27, 2023

Search

Search

SOLVED [CPANEL-25503] cPHulk is one-day blocking whitelisted address for maximum failed authentications

rahnev

Well-Known Member

cPanelMichael

Administrator

rahnev

Well-Known Member

cPanelMichael

Administrator

rahnev

Well-Known Member

cPanelMichael

Administrator

cPanelMichael

Administrator