cphulk 11.50+ : remove IP via ssh connection

Mar 11, 2014
Due to some questionable design choices in 11.50+ with regard to cPHulk's blacklist UI, I would like to delete IPs by SSHing into the server and removing the IPs from the blacklist via the command line.

In the past:
delete from cphulkd.logins where IP='X.X.X.X'; delete from cphulkd.brutes where IP='X.X.X.X';
would work to remove the IP and allow the customer to log in.

Thank you.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
Hello,

You can remove banned IP addresses via command line using the following utility:

Code:
/usr/local/cpanel/scripts/hulk-unban-ip
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

The whitelisted and blacklisted IPs are stored in the "ip_lists" table of the cphulk database as VARBINARY entries. In order to "read" them via a SELECT statement, you will need to use the INET6_NTOA() MySQL function (only available in 5.6.3+). Example to check whitelisted IPs:

Code:
mysql cphulkd
-- TYPE = 1 selects the whitelisted entries
SELECT INET6_NTOA(`STARTADDRESS`), INET6_NTOA(`ENDADDRESS`), `COMMENT` FROM `ip_lists` WHERE TYPE = 1;

If you are using an earlier version of MySQL, then you could use our API to obtain the blacklisted IP addresses instead. This is documented at:

WHM API 1 - get_cphulk_brutes

Here's an existing tutorial on using it:

Usage example for the read_cphulk_records API script to obtain IPs blacklisted in cPhulk Brute Force Protection >> Blacklist Management area:

Code:
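#!/usr/bin/env perl
use strict;
use warnings;
use LWP::UserAgent;
use LWP::Protocol::https;
use HTTP::Request;

# WHM access hash for root; paste the contents of /root/.accesshash here.
my $hash = "replace-with-/root/.accesshash-contents";
$hash =~ s/\n//g;    # the access hash file is multi-line; join it into one string
my $auth = "WHM root:" . $hash;

# Hostname verification is switched off for this request, which goes to 127.0.0.1 only.
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

my $ua = LWP::UserAgent->new;
my $request =
  HTTP::Request->new( GET => "https://127.0.0.1:2087/json-api/read_cphulk_records?api.version=1&list_name=black&ips_in_list" );
$request->header( Authorization => $auth );    # authenticate as root with the access hash
my $response = $ua->request($request);
print $response->content;                      # raw JSON; pipe through a formatter to read it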

For the script, install the following Perl modules and make it executable:

Code:
/scripts/perlinstaller --force IO::Socket::SSL
/scripts/perlinstaller --force Net::SSLeay
chmod +x /pathtoscript

Then run the script:
Code:
/pathtoscript | python -mjson.tool
Example return:


[email protected] [~]# /root/blacklist.pl | python -mjson.tool | grep -v '\{\|\}'
"1.2.3.4": null
"list_name": "black",
"requester_ip": "127.0.0.1"
"command": "read_cphulk_records",
"reason": "OK",
"result": 1,
"version": 1
Additional API functions are available if you need to remove specific records (e.g. delete_cphulk_record).

Thank you.
 
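For MySQL versions without INET6_NTOA(), the VARBINARY columns described in the last reply can be decoded outside the database. The following is an added example, not code from the thread or from cPanel: it assumes the rows were exported as tab-separated text with something like `mysql -B -N cphulkd -e "SELECT HEX(STARTADDRESS), HEX(ENDADDRESS), COMMENT FROM ip_lists"`, and that each address is stored as 4 bytes (IPv4) or 16 bytes (IPv6). The function names and sample rows are constructed for illustration, and no TYPE filter is applied.

```python
import ipaddress

def decode_varbinary(hex_value):
    """Decode the HEX() of a VARBINARY address column, as INET6_NTOA() would."""
    raw = bytes.fromhex(hex_value)
    if len(raw) not in (4, 16):
        raise ValueError(f"unexpected address length: {len(raw)} bytes")
    addr = ipaddress.ip_address(raw)  # accepts packed 4- or 16-byte input
    # Show IPv4-mapped IPv6 (::ffff:a.b.c.d) as plain IPv4 so lookups match.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def parse_rows(tsv_text):
    """Parse rows of: HEX(STARTADDRESS) <tab> HEX(ENDADDRESS) <tab> COMMENT."""
    rows = []
    for line in tsv_text.strip().splitlines():
        start_hex, end_hex, comment = (line.split("\t") + [""])[:3]
        rows.append((decode_varbinary(start_hex),
                     decode_varbinary(end_hex), comment))
    return rows

def matching_entries(rows, ip_text):
    """Return the list entries whose start..end range contains ip_text."""
    ip = ipaddress.ip_address(ip_text)
    return [(str(start), str(end), comment)
            for start, end, comment in rows
            if start.version == end.version == ip.version and start <= ip <= end]

# Constructed sample export (not real data from any server).
SAMPLE = "\n".join([
    "01020304\t01020304\tsingle address",
    "C0000200\tC00002FF\ttest range",
    "20010DB8" + "0" * 23 + "1\t20010DB8" + "0" * 23 + "1\tv6 entry",
    "0" * 20 + "FFFFCB007105\t" + "0" * 20 + "FFFFCB007105\tmapped v4",
])

if __name__ == "__main__":
    entries = parse_rows(SAMPLE)
    for start, end, comment in entries:
        print(f"{start} - {end}  {comment}")
    print(matching_entries(entries, "192.0.2.77"))
```

Use the decoded output to confirm which entry covers a customer's IP before removing it with hulk-unban-ip or the API.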