Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPHulk auto add IP to blacklist

Discussion in 'Security' started by gnetwork-cp, Mar 4, 2016.

  1. gnetwork-cp

    gnetwork-cp Member

    Joined:
    Mar 1, 2016
    Messages:
    17
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Hi all,
    I searched around for this solution, but most recommended to use CSF instead, overkill in my view.
    I prefer to use cPHulk blacklist for easy management, rather than have potentially thousands of IP's in iptables.

    According to the documentation, and variables available for commands, it should be possible to automatically add an offending IP address to the blacklist.

    Command to Run When an IP Address Triggers:
    Code:
    /scripts/cphulkdblacklist %remote_ip%
    I posted here but did not test (hate to get locked out).

    If anyone can verify that this command is good, would be great!

    Thanks.
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,834
    Likes Received:
    85
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 24x7server, Mar 4, 2016
    Last edited by a moderator: Mar 9, 2016
  3. gnetwork-cp

    gnetwork-cp Member

    Joined:
    Mar 1, 2016
    Messages:
    17
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Hi, thanks for that. This is the first time I've seen this as possible.
    I read that documentation which mentioned %ip%, but also noticed the different variable on WHM cPHulk Brute Force Protection page:
    -----------------------------------------------------------------------------------
    Command to Run When an IP Address Triggers a One-Day Block

    The following variables may be used in commands:

    %exptime% - The Unix time when brute force protection will release the block
    %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
    %current_failures% - Number of current failures
    %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
    %reason% - The reason for the block
    %remote_ip% - The blocked IP address
    %authservice% - The last service to request authentication (for example, webmaild)
    %user% - The last username to request authentication
    %logintime% - The time of the request
    %ip_version% - The IP version (4 or 6)
    -----------------------------------------------------------------------------------------

    That's why I was'nt sure.
    Can you please confirm its definitely %ip% and not %remote_ip%.

    Thankyou
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,856
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    I've tested and confirmed the correct value to use is:

    Code:
    %remote_ip%
    I've opened a case with our documentation team to have them correct the reference to "%ip%" in our documentation.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,856
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    To update, the document now reflects the correct variable.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice