cPhulk blocking 0.0.0.0

fabin

• March 11, 2015 23:44

Today, I couldn't login to my server using SSH and WHM. I had to disable cphulk from rescue mode in order to get the access back. On checking the cphulk report, I could see that 0.0.0.0 is blocked. See screenshot attached. Why is 0.0.0.0 blocked?

• 

  cPanelMichael

  • March 12, 2015 17:41

  Hello, Is there any traffic identified as 0.0.0.0 aimed at the server? You may want to install tcpdump and run the following command to see if that's the case:
  tcpdump -nnvv host 0.0.0.0
  If you see data, check for the Client-Ethernet-Address from the output and determine if it's from your own server:
  ifconfig|grep [Client-Ethernet-Address-Here]
  Thank you.

  0
• 

  ds00424

  • April 10, 2015 19:55

  I heard from Bluehost that there is a bug with a signature similar to trouble mentioned here. cphulk is erroneously getting the connecting IP as 0.0.0.0 and then blocking it. I was unable to ssh log into my Bluehost system. They turned off cphulk and then I could log in. Said it was a known bug and were working with cPanel to get it resolved. Is there a defect i can watch to know when it is fixed?

  0
• 

  cPanelMichael

  • April 13, 2015 18:17

  I heard from Bluehost that there is a bug with a signature similar to trouble mentioned here. cphulk is erroneously getting the connecting IP as 0.0.0.0 and then blocking it. I was unable to ssh log into my Bluehost system. They turned off cphulk and then I could log in. Said it was a known bug and were working with cPanel to get it resolved.

  
  There's an open case regarding the use of "su" to access root, but not for the issue described by the original poster. Could you have your hosting provider let you know the case number they are referring to? Thank you.

  0

Please sign in to leave a comment.