Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

What operations might clear out cPHulk whitelist and blacklist ?

Discussion in 'Security' started by rk4n3, Feb 13, 2018.

Tags:
  1. rk4n3

    rk4n3 Registered

    Joined:
    Feb 13, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Albert Lea, MN
    cPanel Access Level:
    Reseller Owner
    We started getting client distress calls one morning, and found that cPHulk whitelist and blacklist were completely wiped out.

    The only thing we know of that was done prior to the issue was an engineer added shell access to some accounts.

    Is there anything well-known that would wipe out cPHulk whitelist and blacklist like that ?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,323
    Likes Received:
    1,851
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. rk4n3

    rk4n3 Registered

    Joined:
    Feb 13, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Albert Lea, MN
    cPanel Access Level:
    Reseller Owner
    Admin staff is looking at the cPHulk whitelist and blacklist via WHM, logging in as root.

    What we're not sure about is how the whitelist and blacklist got wiped - we know of one
    administrative change that was made the night before the lists were discovered to be
    empty, and that was to add shell access to some accounts.

    Beyond that, we're hoping for clues around what to look for in terms of administrative
    functions that might have "unintentional effect" on the cPHulk lists, as we're fairly certain
    noone explicitly wiped them.

    Thanks for any advice you can offer ...
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,323
    Likes Received:
    1,851
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    cPHulk data is stored at the following location:

    /var/cpanel/hulkd/cphulk.sqlite

    You may want to verify that this file was (or it's parent directory) was not manually modified or removed. Also, note the switch to SQLite storage for cPHulk started in cPanel version 66. If you updated to cPanel version 66 just before noticing the missing data, then it's possible the conversion from MySQL database storage to SQLite storage failed.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice