Making a "known" network "unknown" for logins
| I've received several emails from cpHulk about:
[QUOTE]Successful Login as "(username)" from an Unknown Network...
A 'Known Network' is an IP address range or netblock that contains an IP address from which a user successfully logged in previously. It appears that cPanel/WHM adds an address/netblock to the "known" list if someone successfully logs in. I'd like to find where that table of "known" networks is maintained so I can delete the added addresses so I will be warned if someone logs in again from them. |
-
Hey there! This setting is controlled in the cPanel >> Contact Information area for each individual user if you wanted to adjust that. I've attached a screenshot showing this option: There doesn't seem to be much information on where those IPs actually get stored on the server. I've reached out to our developers and I will post an update here as soon as I have more details. 0 -
I've seen that control, but I don't really want to get inundated with email messages every time one of my own people logs in from an address that belongs to us. I just want to be able to remove the IP addresses associated with remote logins that were approved by cPanel that I don't want to remain approved. 0 -
Alrighty - I have some more detail on this :D Here's a series of commands that will pull that info from the cPHulk database: # sqlite3 /var/cpanel/hulkd/cphulk.sqlite SQLite version 3.32.3 2020-06-18 14:00:33 Enter ".help" for usage hints. sqlite> .tables auths ip_lists login_track config_track known_netblocks sqlite> select * from known_netblocks; root|||2021-03-04 09:38:23
along with the confirmation it does use that table. Let me know if that's what you were looking for!0 -
For a table called known_netblocks, its contents are a discouraging letdown. When I did the select, all I got were user IDs that had logged into the server (even if only to read mail) and the date/time it happened. Zero information about the IP addresses involved. I dumped the definition of the table: sqlite> .schema known_netblocks CREATE TABLE `known_netblocks` ( `USER` CHAR(128) NOT NULL, `STARTADDRESS` VARBINARY(16) NOT NULL DEFAULT '', `ENDADDRESS` VARBINARY(16) NOT NULL DEFAULT '', `LOGINTIME` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00', UNIQUE (`USER`,`STARTADDRESS`,`ENDADDRESS`) ON CONFLICT REPLACE ); Perhaps startaddress and endaddress are supposed to be IP addresses, but they're all blank. I'm not sure how the concepts of start and end factor into login IP addresses, so they may not be. Furthermore, the construct "not null default null" is highly suspect (I believe a recent update to MySQL outlawed this from occurring). login_track looked interesting, but again the addresses were all blank, and the contents seem to be kept for only around 24 hours. I found some interesting content in auths and did a little modification there, but no IP addresses. This database sure does smell like the place that SHOULD contain the information I want, and has places to put it, but it's not being entered. 0 -
Agreed - I've asked for some slightly different details on this, and there's also some talk now of getting a way to display this in the interface directly. I'll report back when I have something. 0 -
Huh. Ran into this problem again today, searched for answers to this question, and found this from four years ago. :-(
If you have new news on this situation, I would surely appreciate it.
0 -
Hey hey! I actually don't have much on this one. I created case CPANEL-48153 with our developers to see if I can get some clarification on how we actually manage that data in the system, and I'll be sure to reply when I get more information. It usually takes them a couple weeks to reply to these types of cases.
0
Please sign in to leave a comment.
Comments
7 comments