The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPHulk Usage Question

Discussion in 'Security' started by domeneas, Mar 2, 2016.

  1. domeneas

    domeneas Active Member

    Joined:
    Sep 20, 2013
    Messages:
    27
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    CpHulk, how to use "Command to Run When an IP Address Triggers Brute Force Protection"?

    Hello,

    so I am slightly in the dark on how to use this function. I was hoping I could use it to write something that can notify the owner of an account if their account is locked.

    Any examples would be great.

    The way I am thinking of is not very sexy, comparing banned IPs to previously successful IPs and so on to select if the user should receive an email or not.

    I'd much rather have a countdown on the login page "You have 2 tries left" if anyone has a hint on that.

    Thanks so much.
     
    #1 domeneas, Mar 2, 2016
    Last edited by a moderator: Mar 2, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Are you familiar with the "Users can enable login notifications in the Contact Information area inside of cPanel" option in "WHM >> cPHulk Brute Force Protection"? It's found within cPanel at:

    "cPanel >> Preferences >> Contact Information"

    It allows users to enable notifications for the following actions:

    Someone logs in to my account.
    - Send login notifications, even when the user logs in from an IP address range or netblock that contains an IP address from which a user successfully logged in previously.

    - My preference for successful login notifications is disabled.


    Thank you.
     
  3. domeneas

    domeneas Active Member

    Joined:
    Sep 20, 2013
    Messages:
    27
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi,

    yes I am familiar with that, but I would like them to know when they (the current IP address they are trying to log in from triggers a brute force in cPHulk) are blocked, not if they have logged inn or other successful logins. That is not an option all ready, so I was hoping to use the custom command to write something to that effect myself, but am unable as I cannot find any examples of the commands it can run. It only lists the variables you can use.

    I was hoping it could trigger a script, but I can't find how to make it.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There are no native features for that type of notification, but you could develop a custom script that sends such a notification. The cPHulk API is documented at:

    WHM API 1 Functions - get_cphulk_failed_logins - Software Development Kit - cPanel Documentation

    As noted in the interface, the following variables are available when using the "Command to Run When an IP Address Triggers Brute Force Protection" feature:

    Code:
        %exptime% - The Unix time when brute force protection will release the block
        %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
        %current_failures% - Number of current failures
        %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
        %reason% - The reason for the block
        %remote_ip% - The blocked IP address
        %authservice% - The last service to request authentication (for example, webmaild)
        %user% - The last username to request authentication
        %logintime% - The time of the request
        %ip_version% - The IP version (4 or 6)
    
    Thank you.
     
Loading...

Share This Page