I have CPHulk setup to lock out IPs for failed login attempts for 2 weeks. I also have a hardware firewall that I sometimes manually add IPs to a Blacklist permanently. I want this so the IPs that are trying to brute force can be locked out permanently and use the firewalls resources to block the connection versus the server. Adding these IPs into the firewall from the alerts I get from CPHulk is a very long process. How can I export the temporary blacklist from CPHulk to a text file in which I can turn into a script to import the IPs into the firewall's blacklist?
Hello 
There are no native tools that will do that for you, but you can find the cPHulk log at:
You will have to develop a script that searches this log for specific entries and parses the IP address from the output into a text file.
Thank you.
There are no native tools that will do that for you, but you can find the cPHulk log at:
Code:
/usr/local/cpanel/logs/cphulkd.logThank you.
Yea, I figured it would be through SSHing into log files. Was hoping someone could break down some commands for me to help me export it to a text file. Thanks for the location of the log file I need to be looking at though. I will do some playing around with notepad++ after I copy it to my computer.
Had to create a ticket for something else related to CPanel and asked them after my other issue was fixed. Here is the solution in case anyone else is interested in doing this.
mysql cphulkd -e "select IP from brutes;" | egrep "[0-9]"
will give you a list of the blocked IPs
copy to notepad++
do find and replace with regular expression enabled
find ^ and replace with the code you need before each ip
find $ and replace with the code you need after each ip
script done paste into firewall terminal
mysql cphulkd -e "select IP from brutes;" | egrep "[0-9]"
will give you a list of the blocked IPs
copy to notepad++
do find and replace with regular expression enabled
find ^ and replace with the code you need before each ip
find $ and replace with the code you need after each ip
script done paste into firewall terminal
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| C | How to export all failed IPs from cpHulk into txt/csv? | Security | 2 | |
| W | How to export SSL from cPanel with .pfx | Security | 4 | |
| R | OWASP - mod security export rules status | Security | 1 | |
| K | how to export cPHulk blacklist | Security | 6 | |
| B | /scripts/pkgacct does not export SSL cert and dedicated IP | Security | 0 |