Export CPHulk Temp Blacklist

Shane3673

Well-Known Member
Dec 20, 2013
96
1
58
cPanel Access Level
Root Administrator
I have CPHulk setup to lock out IPs for failed login attempts for 2 weeks. I also have a hardware firewall that I sometimes manually add IPs to a Blacklist permanently. I want this so the IPs that are trying to brute force can be locked out permanently and use the firewalls resources to block the connection versus the server. Adding these IPs into the firewall from the alerts I get from CPHulk is a very long process. How can I export the temporary blacklist from CPHulk to a text file in which I can turn into a script to import the IPs into the firewall's blacklist?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello :)

There are no native tools that will do that for you, but you can find the cPHulk log at:

Code:
/usr/local/cpanel/logs/cphulkd.log
You will have to develop a script that searches this log for specific entries and parses the IP address from the output into a text file.

Thank you.
 

Shane3673

Well-Known Member
Dec 20, 2013
96
1
58
cPanel Access Level
Root Administrator
Yea, I figured it would be through SSHing into log files. Was hoping someone could break down some commands for me to help me export it to a text file. Thanks for the location of the log file I need to be looking at though. I will do some playing around with notepad++ after I copy it to my computer.
 

Shane3673

Well-Known Member
Dec 20, 2013
96
1
58
cPanel Access Level
Root Administrator
Had to create a ticket for something else related to CPanel and asked them after my other issue was fixed. Here is the solution in case anyone else is interested in doing this.

mysql cphulkd -e "select IP from brutes;" | egrep "[0-9]"

will give you a list of the blocked IPs
copy to notepad++
do find and replace with regular expression enabled
find ^ and replace with the code you need before each ip
find $ and replace with the code you need after each ip
script done paste into firewall terminal