The Community Forums

Set "UseDNS no" in sshd_config when cPHulkd is enabled

Discussion in 'Bind/DNS/Nameserver' started by sehh, Jan 9, 2009.

  1. sehh

    sehh Well-Known Member

    Feb 11, 2006
    The changelog says that EDGE was updated with "Set "UseDNS no" in sshd_config when cPHulkd is enabled", what is this change about? UseDNS checks the remote IP address resolves properly.
  2. Darren

    Darren cPanel Developer Staff Member

    Dec 26, 2001
    Houston, TX
    If UseDNS is enabled, it sends the resolved domain name rather than the IP to PAM, which is what cPHulkd reads from when determining whether a login attempt is part of a brute force attempt or not. The problem with this is with whitelisting IPs; if PAM would pass the IP along with any resolved domain name, then we could resolve the domain to its A records (if more than one) and verify at least one matches the IP it's connecting from. Alas, all we get is a domain that an attacker could set up to fake and get whitelisted. Consider the following scenario:

    Attacker has control over rdns on and NS for baddom.tld.
    Admin has whitelisted in WHM for cPHulkd.
    Attacker sets up to return a PTR with baddom.tld, then sets up an A record for baddom.tld to .
    Attacker brute forces root login on Admin's server and gets away with it, because when the Attacker connects from, the Admin's server resolves to baddom.tld and sends baddom.tld to cPHulkd. cPHulkd then resolves baddom.tld to an IP to check against the whitelist and finds, which matches and is allowed to carry on.

    We'll probably modify it somewhat in the near future to be configurable in case an Admin really wants it on, more than using whitelists with cPHulkd.
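
Added example (not part of the thread and not cPHulkd's code): a small Python model of the whitelist lookup described in the post above, showing the decision when only a hostname is available, when the IP is passed instead, and the forward-confirmation check that needs both values. The DNS tables, the documentation-range addresses, `office.example` and all function names are constructed assumptions.

```python
import ipaddress

# Constructed DNS data using documentation address ranges (not from the thread).
A_RECORDS = {
    "baddom.tld": ["192.0.2.10"],      # attacker-run zone points at the whitelisted IP
    "office.example": ["192.0.2.10"],  # hypothetical genuine admin hostname
}
WHITELIST = {ipaddress.ip_address("192.0.2.10")}
ATTACKER_IP = "198.51.100.66"          # its PTR is set to baddom.tld by the attacker


def addresses_for(rhost):
    """Addresses a remote-host value maps to: itself if an IP literal, else its A records."""
    try:
        return {ipaddress.ip_address(rhost)}
    except ValueError:
        name = rhost.rstrip(".").lower()
        return {ipaddress.ip_address(a) for a in A_RECORDS.get(name, [])}


def whitelisted(rhost):
    """Whitelist decision made from the single value received via PAM."""
    return bool(addresses_for(rhost) & WHITELIST)


def forward_confirmed(peer_ip, name):
    """The check that needs both values: does any A record of name equal the peer IP?"""
    return ipaddress.ip_address(peer_ip) in addresses_for(name)


def scenario():
    """Outcome for the attacker's connection under each condition."""
    return {
        "name_only": whitelisted("baddom.tld"),   # only the resolved hostname is passed
        "ip_passed": whitelisted(ATTACKER_IP),    # "UseDNS no": the IP is passed
        "fcrdns": forward_confirmed(ATTACKER_IP, "baddom.tld"),
    }


if __name__ == "__main__":
    print(scenario())
```
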
