Export CPHulk Temp Blacklist

Discussion in 'Security' started by Shane3673, Sep 5, 2014.

  1. Shane3673

    Shane3673 Well-Known Member

    I have cPHulk set up to lock out IPs for failed login attempts for 2 weeks. I also have a hardware firewall on which I sometimes manually add IPs to a blacklist permanently. I want this so the IPs that are trying to brute force can be locked out permanently and use the firewall's resources to block the connection versus the server. Adding these IPs into the firewall from the alerts I get from cPHulk is a very long process. How can I export the temporary blacklist from cPHulk to a text file that I can turn into a script to import the IPs into the firewall's blacklist?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    There are no native tools that will do that for you, but you can find the cPHulk log at:

    Code:
    /usr/local/cpanel/logs/cphulkd.log
    You will have to develop a script that searches this log for specific entries and parses the IP address from the output into a text file.

    Thank you.
     
  3. Shane3673

    Shane3673 Well-Known Member

    Yeah, I figured it would be through SSHing into log files. I was hoping someone could break down some commands for me to help me export it to a text file. Thanks for the location of the log file I need to be looking at, though. I will do some playing around with Notepad++ after I copy it to my computer.
     
  4. Shane3673

    Shane3673 Well-Known Member

    I had to create a ticket for something else related to cPanel and asked them after my other issue was fixed. Here is the solution in case anyone else is interested in doing this.

    Code:
    mysql cphulkd -e "select IP from brutes;" | egrep "[0-9]"

    This will give you a list of the blocked IPs.
    Copy to Notepad++.
    Do find and replace with regular expression enabled.
    Find ^ and replace with the code you need before each IP.
    Find $ and replace with the code you need after each IP.
    Script done; paste into the firewall terminal.
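
The find-and-replace step described in the last post can also be done on the server. The script below is an added example, not part of the original thread: it validates each line as an IPv4 address, removes duplicates, skips allowlisted addresses so an admin IP is never blocked permanently, and wraps each IP in a prefix and suffix. `PREFIX`, `SUFFIX`, `ALLOWLIST` and the sample addresses are constructed placeholders; substitute your firewall's real syntax.

```shell
#!/bin/sh
# Added example: turn cPHulk's blocked-IP list into firewall commands.
# PREFIX/SUFFIX are placeholders, not real firewall syntax.
PREFIX=${PREFIX:-"FIREWALL-CMD-BEFORE "}
SUFFIX=${SUFFIX:-" FIREWALL-CMD-AFTER"}
# Space-separated addresses that must never be blocked (constructed value).
ALLOWLIST=${ALLOWLIST:-"203.0.113.10"}

# Succeeds only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the already-validated string on dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads one candidate per line on stdin, writes one firewall line per IP.
build_blocklist() {
    sort -u | while IFS= read -r ip; do
        is_ipv4 "$ip" || continue                       # drops header, junk, IPv6
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        printf '%s%s%s\n' "$PREFIX" "$ip" "$SUFFIX"
    done
}

# Constructed sample standing in for the database output. On the server:
#   mysql -N -B cphulkd -e "select IP from brutes;" | build_blocklist > block.txt
sample_input() {
    printf '%s\n' IP 198.51.100.7 198.51.100.7 999.1.1.1 \
        203.0.113.10 2001:db8::1 192.0.2.44
}

sample_input | build_blocklist
```

Review the generated file before pasting it into the firewall terminal, since a permanent block on the wrong address is harder to undo than cPHulk's temporary one.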
     