Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED cpHulk failed attempts list is now permanently empty?

Discussion in 'Security' started by Benjamin D., Sep 28, 2018.

Tags:
  1. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    126
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi, not sure if this is directly related to the server switch I made 2 months ago from CentOS 6 to CentOS 7.5 but cpHulk failed attempts list is now permanently empty, altough cpHulk is activated. I'm used to seeing at least 10 failures an hour from China and such, so there's something wrong. What are the steps to find out why this list now remains empty at all time? I haven't changed any software on the server and for years I've been using ConfigServer Security & Firewall which is still there on my new server. What could cause this?

    1) cPHulk is Enabled as seen in the cpHulk page in WHM.

    2) cpHulkd is running as seen in top: cPhulkd - processor - dormant mode - accepting connections
     
    #1 Benjamin D., Sep 28, 2018
    Last edited: Sep 28, 2018
  2. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    126
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Well, I just toggled it off and then on and a minute later I checked the cpHulk history tab and now it has 7 entries, so it works again... no idea what happened, but it works now. You can close this thread, thanks... weird?
     
    Infopro likes this.
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Benjamin D.,

    I'm glad to see it's working again. Let us know if you encounter any further problems.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. WynandGrobler

    WynandGrobler Member

    Joined:
    Oct 31, 2018
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    I am also experiencing this exact issue. I have been experiencing it for about 4 months now, and every couple of days, the failed login list is empty. The blocked IP addresses and one day blocks are also empty. The I then have to disable, and enable cpHulk for it to start logging again, but it will only work for a day or 2 before I have to disable and enable it again.

    CENTOS 6.10 kvm
    v74.0.9
     
    #4 WynandGrobler, Oct 31, 2018
    Last edited: Oct 31, 2018
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @WynandGrobler,

    Have you received any notifications about the cPHulk Daemon failing? Do you notice any output in /usr/local/cpanel/logs/error_log related to cphulk? It's possible the issue you notice relates to a case that's fixed in cPanel & WHM version 76:

    Fixed case CPANEL-21626: cPHulk's dbprocessor is more resilient to crashes.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. WynandGrobler

    WynandGrobler Member

    Joined:
    Oct 31, 2018
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    I used "grep hulk" on the log file and went through it. Lines that look like they may be relevant are below:
    I'm unsure if this helps. If there is something else I can do to make it easier to see the cause, please let me know.

    Code:
    [2018-08-31 13:05:25 +0200] warn [pureauth] Failed to call hulk pre_login for 1@201.238.246.19 (system) at bin/pureauth.pl line 136.
    [2018-08-31 13:07:39 +0200] die [cPhulkd] 1
    [2018-08-31 13:07:46 +0200] die [cPhulkd] 1
    [2018-08-31 13:07:46 +0200] die [cPhulkd] 1
    [2018-08-31 13:07:48 +0200] die [cPhulkd] 1
    [2018-08-31 13:07:51 +0200] warn [queueprocd] Bad starting address
    [2018-09-03 13:03:11 +0200] die [cPhulkd] 1
    [2018-09-03 13:03:32 +0200] die [cPhulkd] 1
    [2018-09-03 13:03:33 +0200] die [cPhulkd] 1
    [2018-09-03 13:03:48 +0200] warn [queueprocd] Bad starting address
    [2018-09-04 09:51:57 +0200] warn [cPhulkd] safekill_single_pid failed to send TERM to pid: 2860: No such process at /usr/local/cpanel/Cpanel/Kill/Single.pm line 71.
            Cpanel::Hulkd::run_daemon(Cpanel::Hulkd=HASH(0x1e287a8)) called at libexec/cphulkd.pl line 32
    [2018-09-04 09:52:47 +0200] info [xml-api] Whostmgr::Services::_restart_services: cphulkd
    null user passed to hulk.pm can_login: info: Cpanel::Hulk
    2018-09-18 09:33:25 +0200] warn [cpaneld] Brute force checking was skipped because cphulkd failed to process “invaliduser” from “145.249.104.232” for the “system” service. at /usr/local/cpanel/Cpanel/Server.pm line 1952.
            Cpanel::Server::connect_cphulkd(Cpanel::Server=HASH(0x1c95130)) called at /usr/local/cpanel/Cpanel/Server.pm line 497
    [2018-09-19 10:50:52 +0200] die [cPhulkd] 1
    [2018-09-19 10:50:55 +0200] die [cPhulkd] 1
    [2018-09-19 10:50:56 +0200] die [cPhulkd] 1
    [2018-09-19 10:50:59 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:01 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:04 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:04 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:06 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:06 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:08 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:08 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:11 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:12 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:14 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:16 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:18 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:22 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:23 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:26 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:30 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:30 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:31 +0200] die [cPhulkd] 1
    [2018-09-19 10:51:32 +0200] warn [queueprocd] Bad starting address
            Cpanel::Server::connect_cphulkd(Cpanel::Server=HASH(0x1d1f6d0)) called at /usr/local/cpanel/Cpanel/Server.pm line 1574
            Cpanel::Server::check_hulk_reject_login_and_exit_if_brute(Cpanel::Server=HASH(0x1d1f6d0), "authok", 1, "user", "root") called at /usr/local/cpanel/Cpanel/Server.pm line 1987
            Cpanel::Server::do_hulk_checks_after_successful_auth_if_needed(Cpanel::Server=HASH(0x1d1f6d0), "authok", 1, "user", "root") called at cpsrvd.pl line 5419
    [2018-09-19 13:05:06 +0200] warn [cPhulkd] safekill_single_pid failed to send TERM to pid: 29910: No such process at /usr/local/cpanel/Cpanel/Kill/Single.pm line 71.
            Cpanel::Hulkd::run_daemon(Cpanel::Hulkd=HASH(0xbc2e60)) called at libexec/cphulkd.pl line 32
    null user passed to hulk.pm can_login: info: Cpanel::Hulk
    [2018-10-01 08:19:23 +0200] info [xml-api] Whostmgr::Services::_restart_services: cphulkd
    [2018-10-01 08:43:43 +0200] warn [cpaneld] Brute force checking was skipped because cphulkd failed to process “validuser” from “x.x.x.x” for the “system” service. at /usr/local/cpanel/Cpanel/Server.pm line 1952.
            Cpanel::Server::connect_cphulkd(Cpanel::Server=HASH(0x1b6d378)) called at /usr/local/cpanel/Cpanel/Server.pm line 1574
            Cpanel::Server::check_hulk_reject_login_and_exit_if_brute(Cpanel::Server=HASH(0x1b6d378), "user", "validuser", "authok", 1) called at /usr/local/cpanel/Cpanel/Server.pm line 1987
            Cpanel::Server::do_hulk_checks_after_successful_auth_if_needed(Cpanel::Server=HASH(0x1b6d378), "authok", 1, "user", "validuser") called at cpsrvd.pl line 3470
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @WynandGrobler,

    Can you open a support ticket so we can take a closer look at your system to see what's happening? You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. WynandGrobler

    WynandGrobler Member

    Joined:
    Oct 31, 2018
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Thank you. I need the login details to our main cPanel account. Will get it from the MD on Monday and post the ticket number here.
     
    cPanelMichael likes this.
  9. WynandGrobler

    WynandGrobler Member

    Joined:
    Oct 31, 2018
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    I'm actually struggling to get a ticket logged. I don't actually know if it worked. Server shows open Ticket ID: 10649877 but don't see an open ticket on the portal.
     
    #9 WynandGrobler, Nov 5, 2018
    Last edited: Nov 5, 2018
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @WynandGrobler,

    I do see the login details were verified. Can you login to Manage2 Login and verify if you see the ticket there?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. WynandGrobler

    WynandGrobler Member

    Joined:
    Oct 31, 2018
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    I don't have access to that portal. Our login details don't work there.
    I resubmitted the ticket from the tickets.cpanel.net page and had to generate a new SSH key.
    Support Request ID is: 10657107
    It has logged successfully now.
     
  12. WynandGrobler

    WynandGrobler Member

    Joined:
    Oct 31, 2018
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Amanda has been looking at the ticket and confirmed this error indicates that the issue is related to an issue that was fixed in cPanel 76.

    So for now, I will just need to regularly restart the services until the update reaches release update tier.

    Thank you for your assistance.
     
    cPanelMichael likes this.
  13. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @WynandGrobler,

    Thank you for sharing the outcome. To summarize, internal case CPANEL-21626 is included with cPanel & WHM version 76 and should address the reported issue:

    Fixed case CPANEL-21626: cPHulk's dbprocessor is more resilient to crashes.

    Version 76 is tentatively planned for publication to the RELEASE build tier this week.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    WynandGrobler likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice