cPhulk blocking 0.0.0.0

fabin

Active Member
Nov 27, 2009
29
0
51
Gods Own Country
Today, I couldn't login to my server using SSH and WHM. I had to disable cphulk from rescue mode in order to get the access back.

On checking the cphulk report, I could see that 0.0.0.0 is blocked. See screenshot attached. Why is 0.0.0.0 blocked?
 

Attachments

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

Is there any traffic identified as 0.0.0.0 aimed at the server? You may want to install tcpdump and run the following command to see if that's the case:

Code:
tcpdump -nnvv host 0.0.0.0
If you see data, check for the Client-Ethernet-Address from the output and determine if it's from your own server:

Code:
ifconfig|grep [Client-Ethernet-Address-Here]
Thank you.
 

ds00424

Member
Apr 10, 2015
5
0
1
Internet
cPanel Access Level
Root Administrator
I heard from Bluehost that there is a bug with a signature similar to trouble mentioned here. cphulk is erroneously getting the connecting IP as 0.0.0.0 and then blocking it. I was unable to ssh log into my Bluehost system. They turned off cphulk and then I could log in. Said it was a known bug and were working with cPanel to get it resolved.

Is there a defect i can watch to know when it is fixed?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
I heard from Bluehost that there is a bug with a signature similar to trouble mentioned here. cphulk is erroneously getting the connecting IP as 0.0.0.0 and then blocking it. I was unable to ssh log into my Bluehost system. They turned off cphulk and then I could log in. Said it was a known bug and were working with cPanel to get it resolved.
There's an open case regarding the use of "su" to access root, but not for the issue described by the original poster. Could you have your hosting provider let you know the case number they are referring to?

Thank you.