What operations might clear out cPHulk whitelist and blacklist ?
We started getting client distress calls one morning, and found that cPHulk whitelist and blacklist were completely wiped out.
The only thing we know of that was done prior to the issue was an engineer added shell access to some accounts.
Is there anything well-known that would wipe out cPHulk whitelist and blacklist like that ?
-
Hello, Root access would be required to make changes to the cPHulk configuration. We document how it's configured via the command line at: cPHulk Management on the Command Line - cPanel Knowledge Base - cPanel Documentation Could you verify how you are checking the cPHulk access lists? Thank you. 0 -
Beyond that, we're hoping for clues around what to look for in terms of administrative functions that might have "unintentional effect" on the cPHulk lists, as we're fairly certain noone explicitly wiped them.
Hello, cPHulk data is stored at the following location: /var/cpanel/hulkd/cphulk.sqlite You may want to verify that this file was (or it's parent directory) was not manually modified or removed. Also, note the switch to SQLite storage for cPHulk started in cPanel version 66. If you updated to cPanel version 66 just before noticing the missing data, then it's possible the conversion from MySQL database storage to SQLite storage failed. Thank you.0
Please sign in to leave a comment.
Comments
3 comments