cphulk 11.50+ : remove IP via ssh connection

Mar 11, 2014
17
1
3
cPanel Access Level
DataCenter Provider
Due to some questionable design choices in 11.50+ with regards to cphulks blacklist UI, I would like to delete IPs by SSHing into the server and removing the IPs from the blacklist via commandline.

In the past :
delete from cphulkd.logins where IP='X.X.X.X'; delete from cphulkd.brutes where IP='X.X.X.X'; would work to remove the IP and allow the customer to login.

Thank you.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
Hello,

You can remove banned IP addresses via command line using the following utility:

Code:
/usr/local/cpanel/scripts/hulk-unban-ip
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello :)

The whitelisted and blacklisted IPs are stored in "ip_lists" table of the cphulk database as VARBINARY entries - in order to "read" them via a select statement, you will need to use the INET6_NTOA() mysql function (only available in 5.6.3+). EX to check whitelisted IPs:

Code:
mysql cphulkd;
SELECT INET6_NTOA(`STARTADDRESS`), INET6_NTOA(`ENDADDRESS`), `COMMENT` from `ip_lists` WHERE TYPE = 1;"
If you are using an earlier version of MySQL, then you could use our API to obtain the blacklisted IP addresses instead. This is documented at:

WHM API 1 - get_cphulk_brutes

Here's an existing tutorial on using it:

Usage example for the read_cphulk_records API script to obtain IPs blacklisted in cPhulk Brute Force Protection >> Blacklist Management area:

Code:
#!/bin/env perl
use strict;
use LWP::UserAgent;
use LWP::Protocol::https;
my $hash = "replace-with-/root/.accesshash-contents";
$hash =~ s/\n//g;
my $auth = "WHM root:" . $hash;
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME}=0;
my $ua = LWP::UserAgent->new;
my $request =
  HTTP::Request->new( GET => "https://127.0.0.1:2087/json-api/read_cphulk_records?api.version=1&list_name=black&ips_in_list" );
$request->header( Authorization => $auth );
my $response = $ua->request($request);
print $response->content;

For the script, install the following Perl modules and make it executable:

Code:
/scripts/perlinstaller --force IO::Socket::SSL
/scripts/perlinstaller --force Net::SSLeay
chmod +x /pathtoscript

Then run the script:
Code:
/pathtoscript | python -mjson.tool
Example return:


[email protected] [~]# /root/blacklist.pl | python -mjson.tool | grep -v '\{\|\}'
"1.2.3.4": null
"list_name": "black",
"requester_ip": "127.0.0.1"
"command": "read_cphulk_records",
"reason": "OK",
"result": 1,
"version": 1
Additional API functions are available if you need to remove specific records (e.g. delete_cphulk_record).

Thank you.
 
  • Like
Reactions: Ruan