cphulk 11.50+ : remove IP via ssh connection

Dev@SH

• July 08, 2015 10:41

Due to some questionable design choices in 11.50+ with regards to cphulks blacklist UI, I would like to delete IPs by SSHing into the server and removing the IPs from the blacklist via commandline. In the past : delete from cphulkd.logins where IP='X.X.X.X'; delete from cphulkd.brutes where IP='X.X.X.X'; would work to remove the IP and allow the customer to login. Thank you.

• 

  cPanelKenneth

  • July 08, 2015 15:59

  Hello, You can remove banned IP addresses via command line using the following utility:
  /usr/local/cpanel/scripts/hulk-unban-ip
  

  0
• 

  Dev@SH

  • July 08, 2015 16:26

  Yes and that would remove a cPhulk ban. How can I remove an IP from the blacklist via commandline?

  0
• 

  cPanelMichael

  • July 16, 2015 14:03

  Hello :) The whitelisted and blacklisted IPs are stored in "ip_lists" table of the cphulk database as VARBINARY entries - in order to "read" them via a select statement, you will need to use the INET6_NTOA() mysql function (only available in 5.6.3+). EX to check whitelisted IPs:
  mysql cphulkd; SELECT INET6_NTOA(`STARTADDRESS`), INET6_NTOA(`ENDADDRESS`), `COMMENT` from `ip_lists` WHERE TYPE = 1;"
  If you are using an earlier version of MySQL, then you could use our API to obtain the blacklisted IP addresses instead. This is documented at: new; my $request = HTTP::Request->new( GET => "https://127.0.0.1:2087/json-api/read_cphulk_records?api.version=1&list_name=black&ips_in_list" ); $request->header( Authorization => $auth ); my $response = $ua->request($request); print $response->content;
  For the script, install the following Perl modules and make it executable:
  /scripts/perlinstaller --force IO::Socket::SSL /scripts/perlinstaller --force Net::SSLeay chmod +x /pathtoscript
  Then run the script:
  /pathtoscript | python -mjson.tool Example return: root@server [~]# /root/blacklist.pl | python -mjson.tool | grep -v '\{\|\}' "1.2.3.4": null "list_name": "black", "requester_ip": "127.0.0.1" "command": "read_cphulk_records", "reason": "OK", "result": 1, "version": 1
  
  Additional API functions are available if you need to remove specific records (e.g.

  0

Please sign in to leave a comment.