Operating System & Version
CentOS 6.10
cPanel & WHM Version
v84.0.21

101bobster

Registered
Feb 20, 2020
ZA
cPanel Access Level
Root Administrator
Hi,

I have a scenario where an email account with an incorrect password is set up on a device where access to it is not possible at the moment. This specific email account is also set up elsewhere with the correct password. The problem part is that both devices are on the same network and thus the same public IP.

So the inaccessible device with incorrect password keeps triggering my cpHulk Username-based, IP Address-based and One-day Blocks. This now blocks access for the entire network. Simply whitelisting that public IP is also not an option.

My plan is to use the cpHulk variables %user% and %remote_ip% to somehow pick up the failed login attempts for that specific email account with the specific IP and then run a script to somehow unblock/remove the restrictions.

I need assistance with figuring out how to use the cpHulk variables in the "Command to Run" section in WHM to pick up and trigger a script (not sure how yet) to remove the blocks specific to that email account from that IP.

Any other ideas are most welcome :)
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
Houston
Hello,

The following variables may be used in commands:

  • %exptime% - The Unix time when brute force protection will release the block
  • %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
  • %current_failures% - Number of current failures
  • %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
  • %reason% - The reason for the block
  • %remote_ip% - The blocked IP address
  • %authservice% - The last service to request authentication (for example, webmaild)
  • %user% - The last username to request authentication
  • %logintime% - The time of the request
  • %ip_version% - The IP version (4 or 6)

You can use the API in the script as well if you want to unblock based off a specific user/IP combo being blocked: WHM API 1 Sections - cPHulk - Developer Documentation - cPanel Documentation
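
One way to wire the variables above into a script, as an added example that is not part of the original posts and not cPanel's own code: cPHulk passes `%user%` and `%remote_ip%` as arguments, and the script clears the block only for one exact user/IP pair using the WHM API 1 function `flush_cphulk_login_history_for_ips`. The script path, `ALLOW_USER` and `ALLOW_IP` are assumed sample values.

```shell
#!/bin/sh
# Added example. Hypothetical install path: /root/bin/cphulk_unblock.sh
# cPHulk "Command to Run" entry, using the variables listed above:
#   /root/bin/cphulk_unblock.sh %user% %remote_ip%

# Assumed values: replace with the real mailbox and the network's public IP.
ALLOW_USER="user@example.com"   # constructed sample
ALLOW_IP="203.0.113.10"         # constructed sample (documentation range)
WHMAPI="${WHMAPI:-/usr/local/cpanel/bin/whmapi1}"

# %user% is whatever username the failed login supplied, so both arguments
# are untrusted input: compare as exact strings, never eval or expand them.
should_unblock() {
    [ "$#" -eq 2 ] || return 1
    case "$2" in
        ""|*[!0-9A-Fa-f.:]*) return 1 ;;   # not an IPv4/IPv6 literal
    esac
    [ "$1" = "$ALLOW_USER" ] && [ "$2" = "$ALLOW_IP" ]
}

handle_block() {
    if should_unblock "$1" "$2"; then
        # Clears cPHulk's failed-login history and blocks for this one IP.
        "$WHMAPI" flush_cphulk_login_history_for_ips ip="$2" >/dev/null || return 2
        logger -t cphulk_unblock "cleared block for $1 from $2" 2>/dev/null || true
        return 0
    fi
    return 1   # any other user/IP combination stays blocked
}

# Only act when cPHulk invoked the script with both arguments.
if [ "$#" -ge 2 ]; then
    handle_block "$1" "$2"
fi
```

Because the flush is keyed on the IP, failures for other usernames from that same IP are cleared along with it whenever the configured pair is the one that triggered the command.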