Brute force not working
I have been monitoring my 4 DNS-only servers closely for weeks now, and my conclusion is that the cpHulk Brute Force is not working. The Failed Logins List stays empty. I wonder what could be wrong? MySQL perhaps, what to look for? I have run the 'forced' update several times but it doesn't help either.
I have set up a new DNS only for testing, and on that one the cpHulk BF works perfectly.
Forgot to mention that I use CSF, but if I disable the firewall, the list stays empty!
Now it is getting interesting: I installed CSF on the test DNS server and no more IPs in the list. I removed the CSF, rebooted, but still no more IPs listed in cpHulk BF.....
Why?
Edit: not ticked both boxes: Block IP addresses at the firewall level if they trigger brute force protection
Again an edit: removed the lock file and did a new installation, the cpHulk BF works again. I assume I need to contact CSF; it looks like something is breaking this functionality when installing/running CSF. I suspect the same situation on all my production servers.
Hello :) Have you verified that brute force attempts and failed logins are occurring on the existing DNS-Only servers? Do you notice any error messages in /usr/local/cpanel/logs/cphulkd_errors.log when enabling/disabling cPHulk through WHM? Thank you.
Here are my findings, I hope you have more suggestions to fix this.

/scripts/restartsrv_cphulkd --stop; /scripts/restartsrv_cphulkd --start
# Create a debug file
touch /var/cpanel/hulkd/debug
Waiting a few hours....
cat /var/cpanel/hulkd/debug
empty
# cat /usr/local/cpanel/logs/cphulkd_errors.log
empty

/usr/local/cpanel/bin/hulkdsetup
hulkdsetup: database schema is up to date.

ps aux | grep -i cphulk
root 4544 0.0 0.6 77092 11720 ? S 01:19 0:00 cPhulkd -processor
root 21694 0.0 0.0 103248 852 pts/0 S+ 12:48 0:00 grep -i cphulk

/scripts/restartsrv_cphulkd --stop; /scripts/restartsrv_cphulkd --start
no errors

cat /usr/local/cpanel/logs/cphulkd.log
Nothing blocked, only the whitelisted ones show up.

mysql connect cphulkd
mysql> select IP, LOGINTIME from logins order by LOGINTIME;
Empty set (0.00 sec)
mysql> select IP, BRUTETIME from brutes order by BRUTETIME;
Empty set (0.00 sec)
mysql> exit

mysqlcheck -c cphulkd
cphulkd.auths OK
cphulkd.blacklist OK
cphulkd.brutes OK
cphulkd.good_logins OK
cphulkd.ip_lists OK
cphulkd.login_track OK
cphulkd.logins OK
cphulkd.report OK
cphulkd.whitelist OK

# mysqlcheck -r cphulkd
cphulkd.auths OK
cphulkd.blacklist OK
cphulkd.brutes OK
cphulkd.good_logins OK
cphulkd.ip_lists OK
cphulkd.login_track OK
cphulkd.logins OK
cphulkd.report OK
cphulkd.whitelist OK

cat /var/cpanel/hulkd/debug
empty

Waited a few days, checked mysql, nothing logged. Used a TOR client, used a Proxy client, tried to log in as root, nothing logged!
Upgraded to 11.50 and it seems to work again.
It looks like it may have been an isolated occurrence, as I do not see any other reports about this on cPanel version 11.48. I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.