Operating System & Version
Almalinux 8.5
cPanel & WHM Version
cPanel 102.0.15

Spirogg

Well-Known Member
Feb 21, 2018
668
142
43
chicago
cPanel Access Level
Root Administrator
hi,
I was wondering about these settings


Warning: The command must complete within 15 seconds to avoid a timeout.
The following variables may be used in commands:

  • %exptime% - The Unix time when brute force protection will release the block
  • %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
  • %current_failures% - Number of current failures
  • %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
  • %reason% - The reason for the block
  • %remote_ip% - The blocked IP address
  • %authservice% - The last service to request authentication (for example, webmaild)
  • %user% - The last username to request authentication
  • %logintime% - The time of the request
  • %ip_version% - The IP version (4 or 6)


where do you see the output of this? when you add a variable or 2 or 3?

also if you have CSF installed and set the check mark to block IP at firewall level,

- Block IP addresses at the firewall level if they trigger brute force protection

- Block IP addresses at the firewall level if they trigger a one-day block

does it add it to CSF with the variables so we know it was from cPHulk?

if not, where can you see the IP's and any information that those ips were blocked ?



The Reason I ask?
- I have a check mark next to both settings and set to:
[Maximum Failures per IP Address = 2]
[Maximum Failures per IP Address before the IP Address is Blocked for One Day = 2]

so if they trigger 2 and i have those checkmarks they should be blocked in firewall, but I do not think its working.


so that's why I'm posting here

thanks

Spiro
 
Last edited by a moderator:

Spirogg

Well-Known Member
Feb 21, 2018
668
142
43
chicago
cPanel Access Level
Root Administrator
Hey hey! This is interesting - could you make a ticket for this one so we can check it out?

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-37418. Follow this article to receive an email notification when a solution is published in the product.



Workaround
There is currently no work around at this time. You may manually block IPs if required through Iptables or if the CSF plugin is installed.

:( Just saw this so no need to open ticket (unless you still want me too?)

can you see if they can give you an update - cause that stinks if it does not work and its been 6 months already and no fix yet?
 
Last edited: