Introduction
You may have the need to pull data from cpHulkd to obtain information about failed login attempts and actively blocked users or addresses. Below are a few methods to obtain this data from the command line.
Procedure
Below are the commands that can be run from whmapi1 via the command line followed by documentation to help understand the output.
This function lists brute force attack entries from the cPHulk database.
whmapi1 get_cphulk_brutes
cPanel Docs: Return login security brute force attacks
This function retrieves excessive brute force attack entries from the cPHulk database.
whmapi1 get_cphulk_excessive_brutes
cPanel Docs: Return login security excessive brute force attacks
This function lists failed login attempt entries from the cPHulk database.
whmapi1 get_cphulk_failed_logins
cPanel Docs: Return login security failed logins
This function lists brute force attack entries from the cPHulk database, ordered by user accounts.
whmapi1 get_cphulk_user_brutes
cPanel Docs: Return login security brute force attacks by user
If you want to see this in a quick and easy graphical format, please refer to the article below about accessing the data via WHM