Export CPHulk Temp Blacklist
I have CPHulk set up to lock out IPs for failed login attempts for 2 weeks. I also have a hardware firewall where I sometimes manually add IPs to a blacklist permanently. I want this so the IPs that are trying to brute force can be locked out permanently and use the firewall's resources to block the connection versus the server. Adding these IPs into the firewall from the alerts I get from CPHulk is a very long process. How can I export the temporary blacklist from CPHulk to a text file which I can turn into a script to import the IPs into the firewall's blacklist?
Hello :) There are no native tools that will do that for you, but you can find the cPHulk log at: /usr/local/cpanel/logs/cphulkd.log
You will have to develop a script that searches this log for specific entries and parses the IP address from the output into a text file. Thank you.
Yea, I figured it would be through SSHing into log files. Was hoping someone could break down some commands for me to help me export it to a text file. Thanks for the location of the log file I need to be looking at though. I will do some playing around with notepad++ after I copy it to my computer.
Had to create a ticket for something else related to CPanel and asked them after my other issue was fixed. Here is the solution in case anyone else is interested in doing this.
mysql cphulkd -e "select IP from brutes;" | egrep "[0-9]"
will give you a list of the blocked IPs
copy to notepad++
do find and replace with regular expression enabled
find ^ and replace with the code you need before each ip
find $ and replace with the code you need after each ip
script done
paste into firewall terminal
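The find-and-replace step from the last post can also be done on the server, as an added example that is not part of the original thread: the function below validates each line as an IPv4 address, drops duplicates, and wraps it in the text the firewall needs before and after each IP. The name wrap_ips, the FW_PREFIX/FW_SUFFIX strings and the sample addresses are assumptions made for illustration; substitute the firewall's own command syntax.

```shell
#!/bin/sh
# Added example: wrap each blocked IP in the firewall's command text.
# Live use (query taken from the thread above; prefix/suffix are yours):
#   mysql cphulkd -e "select IP from brutes;" | wrap_ips 'FW_PREFIX ' ' FW_SUFFIX' > block.txt

# wrap_ips PREFIX SUFFIX
# Reads one candidate per line on stdin, prints PREFIX<ip>SUFFIX for each
# unique, well-formed IPv4 address. Everything else (the "IP" column header,
# IPv6 text, out-of-range octets) is skipped instead of reaching the firewall.
wrap_ips() {
    PRE="$1" SUF="$2" awk '
    {
        gsub(/^[ \t]+|[ \t\r]+$/, "")                # trim spaces and CR
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split($0, o, ".")
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) next
        if (seen[$0]++) next                         # already emitted
        print ENVIRON["PRE"] $0 ENVIRON["SUF"]
    }'
}

# Constructed sample input (documentation address ranges, not real data).
sample_input() {
    printf '%s\n' 'IP' '203.0.113.7' '198.51.100.23' '203.0.113.7' \
        '999.1.1.1' '2001:db8::1' ' 192.0.2.44' '192.0.2.300'
}

# Demo run on the constructed sample.
sample_input | wrap_ips 'FW_PREFIX ' ' FW_SUFFIX'
```

Review the generated file before pasting it into the firewall terminal, since a permanent block on your own address or a monitoring host would lock out legitimate access.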