WHM cPHulk configuration
hi,
I was wondering about these settings
Warning: The command must complete within 15 seconds to avoid a timeout.
The following variables may be used in commands:
-
does it add it to CSF with the variables so we know it was from cPHulk? if not, where can you see the IP's and any information that those ips were blocked ? The Reason I ask? - I have a check mark next to both settings and set to: [Maximum Failures per IP Address = 2] [Maximum Failures per IP Address before the IP Address is Blocked for One Day = 2] so if they trigger 2 and i have those checkmarks they should be blocked in firewall, but I do not think its working. so that's why I'm posting here thanks Spiro
- %exptime% - The Unix time when brute force protection will release the block
- %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
- %current_failures% - Number of current failures
- %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
- %reason% - The reason for the block
- %remote_ip% - The blocked IP address
- %authservice% - The last service to request authentication (for example, webmaild)
- %user% - The last username to request authentication
- %logintime% - The time of the request
- %ip_version% - The IP version (4 or 6)
Block IP addresses at the firewall level if they trigger brute force protection -
Block IP addresses at the firewall level if they trigger a one-day block does it add it to CSF with the variables so we know it was from cPHulk? if not, where can you see the IP's and any information that those ips were blocked ? The Reason I ask? - I have a check mark next to both settings and set to: [Maximum Failures per IP Address = 2] [Maximum Failures per IP Address before the IP Address is Blocked for One Day = 2] so if they trigger 2 and i have those checkmarks they should be blocked in firewall, but I do not think its working. so that's why I'm posting here thanks Spiro
-
Hey hey! This is interesting - could you make a ticket for this one so we can check it out? 0 -
Hey hey! This is interesting - could you make a ticket for this one so we can check it out?
case number is CPANEL-37418. Follow this article to receive an email notification when a solution is published in the product. Workaround There is currently no work around at this time. You may manually block IPs if required through Iptables or if the0 -
I don't have any updates to provide on this one, but I did leave a note saying that you were still experiencing the issue. 0 -
I don't have any updates to provide on this one, but I did leave a note saying that you were still experiencing the issue.
UPDATE:06/05/22 @cPRex I did add a support ticket and got it to work with CSF by adding the syntax in the text box below shown in the snapshot. The syntax used for the block command will depend on the firewall being used. I see the server is using CSF. The following article covers some useful CSF commands, including how to block IPs. 78217 He did also mention: You do not have to provide a command to run to block the IP. That said, please note that checking that box will add IP block rules directly to kernel iptables. As such, it will not integrate with firewall frontends, such as CSF. While this will generally work fine, there could be some issues. For example, restarting CSF could potentially remove all of the cPHulk rules added directly to kernel iptables, so those IPs would no longer be blocked. Exactly what interaction this would have with the firewall frontend will depend on the specific software used. Unfortunately I can't say exactly how this will work with CSF. The documentation below covers these settings in more detail.0
Please sign in to leave a comment.
Comments
4 comments