Where Does an IP get Blacklisted on cpHulk?

Ruan

Registered
Jul 21, 2015
2
0
1
South Africa
cPanel Access Level
Root Administrator
I recently became aware of:

/scripts/cphulkdblacklist

and

/scripts/cphulkdwhitelist.

I used /scripts/cphulkdblacklist to blacklist an IP, 196.5.4.3. When I browse to the WHM interface of cpHulk, I see the IP has indeed been blacklisted. However, when I check the MySQL database, I cannot find the IP in the table "blacklist":


mysql> select IP from blacklist;
Empty set (0.00 sec)

mysql> select ISPREFIX from blacklist;
Empty set (0.00 sec)

If cpHulk does not store this blacklisted IP in the MySQL database, where does it store it?

Kind regards,

Ruan
 

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
807
158
168
New Jersey
cPanel Access Level
DataCenter Provider
I just ran an strace when running that script and noticed:

sendto(3, "\267\0\0\0\3INSERT INTO ip_lists (START"..., 187, MSG_NOSIGNAL, NULL, 0) = 187

so its storing it in the ip_lists table however its stored using varbinary
 
  • Like
Reactions: Ruan

24x7ss

Well-Known Member
Sep 30, 2014
272
17
68
India
cPanel Access Level
Root Administrator
Twitter
cphulk will restore the ips in cphulk db. You can use below command to check the list of IP.

select IP, LOGINTIME FROM logins order by LOGINTIME;

select IP, BRUTETIME from brutes order by BRUTETIME;

Make sure you are running these commands in mysql cphulk db.