How to reference IP, ISP, data from cpHulk brute force emails in a command to append offenders to a csv list

M

mec-forum

Member
Jun 18, 2019
23
4
3
Italy
cPanel Access Level
Root Administrator
I would like to append offending IPs to a csv list with the same data that is sent by cpHulkd warning emails so that I can later import offenders.csv in excel, sort it and report the abuse. Has anyone tried that? I would put the command in the cphulk interface for when an ip ban is triggered.

I was thinking something like this but I lack knowledge of the proper variable names, if they exist at all...

echo "$TRIGGER_TIME;$IP;$ISP;$REVERSE_DNS" >> /root/offenders.csv

I would also like to rotate the log file each month, but no clue as how to do that...

Thanks in advance!
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,300
363
Houston
The variables that can be used are:

Code: 
The following variables may be used in commands:

%exptime% - The Unix time when brute force protection will release the block
%max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
%current_failures% - Number of current failures
%excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
%reason% - The reason for the block
%remote_ip% - The blocked IP address
%authservice% - The last service to request authentication (for example, webmaild)
%user% - The last username to request authentication
%logintime% - The time of the request
%ip_version% - The IP version (4 or 6)
%logintime% would be $TRIGGER_TIME
%remote_ip% would be $IP
$ISP and $REVERSE_DNS wouldn't be variables available. You could probably write something that did lookups for those since all you'd need is the IP address to do so.

For log rotation WHM>>Service Configuration>>cPanel Log Rotation Configuration you can select logs to be rotated (cPanel specific log files) then in WHM>>Server Configuratoin>>Tweak Settings you can set the size threshold at which you'd want the logs to be rotated.
 
keat63

keat63

Well-Known Member
Nov 20, 2014
1,961
267
113
cPanel Access Level
Root Administrator
Personally, I wouldn't bother reporting the abuse.
You'll be at this for the rest of your life, your own personal time is more important.

Install CSF firewall and let the firewall do all the hard wotk for you.
CSF firewall also has a number of live lists of bad IP's that you can facilitate.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
J issue running ISPProtect Security 1
Spirogg SOLVED CSF Chain CC_ALLOW (1 references) Security 5
G After running Auto SSL, my website still display "Not Secure" Security 2
PCZero Security items displayed in cPanel for use who is not enabled for them Security 5
P references for learning to understand Mod Security from square one... Security 2
Similar threads
issue running ISPProtect
SOLVED CSF Chain CC_ALLOW (1 references)
After running Auto SSL, my website still display "Not Secure"
Security items displayed in cPanel for use who is not enabled for them
references for learning to understand Mod Security from square one...
Top Bottom