Skip to main content

list of blocked countries with number of failed login attempts

Comments

6 comments

  • cPRex Jurassic Moderator
    Hey there! Sure - it's just a database, but the commands in SQLite are different than typical MySQL/MariaDB databases. The database is stored in /var/cpanel/hulkd/cphulk.sqlite. You can access the database with this command: sqlite3 /var/cpanel/hulkd/cphulk.sqlite From there, you can use SQLite commands to manipulate the database. Reading tables is done with the ".tables" command: sqlite> .tables auths ip_lists login_track config_track known_netblocks You'll likely want to pull data from the "login_track" table as that corresponds to the WHM >> cPHulk >> "History Reports" tab. Here's how that table is structured: sqlite> pragma table_info(login_track); 0|USER|CHAR(128)|1||0 1|ADDRESS|VARBINARY(16)|0|NULL|0 2|SERVICE|CHAR(64)|0|NULL|0 3|TYPE|INT(1)|0|NULL|0 4|LOGINTIME|DATETIME|1|'0000-00-00 00:00:00'|0 5|EXPTIME|DATETIME|1|'0000-00-00 00:00:00'|0 6|NOTES|TEXT|0||0 7|AUTHSERVICE|CHAR(64)|0|NULL|0 8|AUTHTOKEN_HASH|CHAR(86)|0|''|0
    0
  • ITHKBO
    If you need more easy on the eyes information for quick review ConfigServer Security & Firewall has this covered under lfd blocking statistics. If you have CSF than ConfigServer Security & Firewall -> View ldf Statistics Gets you something like this:
    0
  • renecd
    Cheers! Seems the ADDRESS field is empty, or is VARBINARY in a form that can't be displayed?
    0
  • renecd
    Yeah perhaps I should just install CSF/LFD. I used to have it installed but it didn't seem to make much difference...
    0
  • ITHKBO
    Yeah perhaps I should just install CSF/LFD. I used to have it installed but it didn't seem to make much difference...

    How long ago was that if I may ask? The geo function requires a private license key from MaxMind GeoLite2 or GeoIP2 since 2019-12-29 Without it the geoblock function wil simply not work but also not throw up any warning about it.
    0
  • renecd
    Thanks, I didn't know that. So the license key is entered in csf.config - but the countries are selected on the cphulk page? Or is there a csf page to choose blacklisted countries that I didn't see? Nm, I got it. (It's in /etc/csf/csf.conf - ^CC-* settings.)
    0

Please sign in to leave a comment.