Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED [CPANEL-25503] cPHulk is one-day blocking whitelisted address for maximum failed authentications

Discussion in 'Security' started by rahnev, Mar 26, 2019.

  1. rahnev

    rahnev Well-Known Member

    Joined:
    Jul 6, 2016
    Messages:
    54
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    Bulgaria
    cPanel Access Level:
    Root Administrator
    I have the following problem:
    - server ip added to whitelist in cPHulk
    - even though cPHulk blocked the IP for one day in iptables

    Here is a log entry:

    [2019-03-26 07:45:42 +0100] info [cPhulkd] Login Blocked: IP reached maximum auth failures for a one day block [Service]=[dovecot] [Local IP Address]=[1.1.1.1] [Local Port]=[143] [Remote IP Address]=[2.2.2.2] [Remote Port]=[34169] [Authentication Database]=[mail] [Username]=[[email protected]] (30/30 failures) (blocked until [Wed Mar 27 06:45:42 2019 UTC/Wed Mar 27 07:45:42 2019 LOCAL])

    How this is possible. Is there a way to understand why cPHulk blocked a whitelited IP?

    Have a nice day.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,590
    Likes Received:
    2,186
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @rahnev,

    Can you confirm if the whitelisted IP address continues to appear in WHM >> cPHulk Brute Force Protection >> Whitelist Management? Or, was it automatically removed from the whitelist?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. rahnev

    rahnev Well-Known Member

    Joined:
    Jul 6, 2016
    Messages:
    54
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    Bulgaria
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael,

    yes the whitelisted IP continues to appear in WHM >> cPHulk Brute Force Protection >> Whitelist Management.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,590
    Likes Received:
    2,186
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @rahnev,

    Can you open a support ticket so we can take a closer look at the system to see why cPHulk isn't respecting the whitelisted IP address? You can post the ticket number here and we'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. rahnev

    rahnev Well-Known Member

    Joined:
    Jul 6, 2016
    Messages:
    54
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    Bulgaria
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael,

    I opened a support ticket.
    Your support request ID: 11791183

    Thanks.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,590
    Likes Received:
    2,186
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @rahnev,

    Thank you for opening the support ticket. Internal case CPANEL-26633 CPANEL-25503 was opened to report an issue where cPHulk adds one-day blocks when whitelisted IP addresses reach the maximum number of authentication failures. I'll monitor this case and update this thread with more information as it becomes available.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelMichael, Apr 8, 2019
    Last edited: Jul 9, 2019
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,590
    Likes Received:
    2,186
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    To follow-up, this was fixed in cPanel & WHM version 80 as part of case CPANEL-25503:

    Fixed case CPANEL-25503: Fix memory issues with cphulkd and brute force attacks.

    The full change log is available at:

    cPanel & WHM version 80 Change Log

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice