
cPHulk auto add IP to blacklist

Discussion in 'Security' started by gnetwork-cp, Mar 4, 2016.

  1. gnetwork-cp

    Hi all,
    I searched around for this solution, but most recommended to use CSF instead, overkill in my view.
    I prefer to use cPHulk blacklist for easy management, rather than have potentially thousands of IPs in iptables.

    According to the documentation, and variables available for commands, it should be possible to automatically add an offending IP address to the blacklist.

    Command to Run When an IP Address Triggers:
    Code:
    /scripts/cphulkdblacklist %remote_ip%
    I posted here but did not test (hate to get locked out).

    If anyone can verify that this command is good, that would be great!

    Thanks.
     
  2. 24x7server

    #2 24x7server, Mar 4, 2016
    Last edited by a moderator: Mar 9, 2016
  3. gnetwork-cp

    Hi, thanks for that. This is the first time I've seen this as possible.
    I read that documentation which mentioned %ip%, but also noticed the different variable on WHM cPHulk Brute Force Protection page:
    -----------------------------------------------------------------------------------
    Command to Run When an IP Address Triggers a One-Day Block

    The following variables may be used in commands:

    %exptime% - The Unix time when brute force protection will release the block
    %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
    %current_failures% - Number of current failures
    %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
    %reason% - The reason for the block
    %remote_ip% - The blocked IP address
    %authservice% - The last service to request authentication (for example, webmaild)
    %user% - The last username to request authentication
    %logintime% - The time of the request
    %ip_version% - The IP version (4 or 6)
    -----------------------------------------------------------------------------------------

    That's why I wasn't sure.
    Can you please confirm it's definitely %ip% and not %remote_ip%.

    Thank you
     
  4. cPanelMichael

    Hello :)

    I've tested and confirmed the correct value to use is:

    Code:
    %remote_ip%
    I've opened a case with our documentation team to have them correct the reference to "%ip%" in our documentation.

    Thank you.
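
A wrapper for the hook discussed in this thread, as an added example that is not part of any post here and is not cPanel's own code: it validates the value substituted for %remote_ip% and refuses to blacklist addresses on a protected list, which addresses the lockout concern in the first post. The wrapper path, the PROTECTED_IPS list and the function names are assumptions, and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Hypothetical wrapper for the cPHulk "Command to Run" hook, configured as:
#   /root/cphulk-safe-blacklist.sh %remote_ip%     (path is an assumption)
# PROTECTED_IPS holds constructed sample addresses; replace with your admin IPs.
PROTECTED_IPS="${PROTECTED_IPS:-203.0.113.10 2001:db8::10}"
BLACKLIST_CMD="${BLACKLIST_CMD:-/scripts/cphulkdblacklist}"

# Strict dotted-quad check: four decimal octets, each 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Coarse IPv6 check: hex digits and colons only, at least two colons.
is_ipv6() {
    case "$1" in
        *[!0-9a-fA-F:]*|*:::*) return 1 ;;
        *:*:*) [ "${#1}" -le 39 ] ;;
        *) return 1 ;;
    esac
}

# Prints one of: invalid, protected, blacklist.
# Protected entries are matched as lowercase text, so list them in the
# same textual form the hook reports.
decide() {
    ip=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if ! is_ipv4 "$ip" && ! is_ipv6 "$ip"; then
        echo invalid; return 0
    fi
    for p in $PROTECTED_IPS; do
        if [ "$p" = "$ip" ]; then echo protected; return 0; fi
    done
    echo blacklist
}

# Only act when invoked with an argument, as the hook would.
if [ "$#" -gt 0 ]; then
    verdict=$(decide "$1")
    if [ "$verdict" = blacklist ]; then exec "$BLACKLIST_CMD" "$1"; fi
    echo "cphulk hook: not blacklisting '$1' ($verdict)" >&2
fi
```

Running the wrapper by hand with a test address and `BLACKLIST_CMD=echo` shows what would be passed to the blacklist script without changing the blacklist.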
     