Listed cpHulk IPs that cannot be found in the DB
I have written a script that accepts an IP as an argument and then queries that IP against three cphulkd tables: logins, brutes and blacklist, to see if the IP is listed. It works very well, for the most part.
However, I am experiencing an issue where the WHM interface of cpHulk shows some IP addresses in the Failed Logins History Report that cannot be found in any of those three tables, which is quite confusing as no other tables seem to have an IP field.
I know this is a very open query, but I would like to understand a bit more about where cPanel gets the data it displays. What source am I missing in my script? I see there is a table, known_netblocks, that seems to specify IP ranges, but in the varbinary format. Could this be a factor?
I hope this is the correct part of the forum to post this query in, and thank you in advance for any replies :-).
-
Hello :) Here's a snippet from some internal documentation that you may find helpful:
The cphulkd MySQL database tables are the following as of cPanel & WHM 11.48:
- auths => Stores the authentication keys for each service
- ip_lists => Stores the whitelisted (TYPE 1) and blacklisted (TYPE 2) IP(s)
- known_netblocks => Stores known blocks of IP(s) for previous logins
- login_track => Stores the history reports for each IP
Of note, the STARTADDRESS and ENDADDRESS fields in the ip_lists and known_netblocks tables, and the ADDRESS field in the login_track table, are stored in VARBINARY format. This means that they can only be read by the MySQL 5.6+ INET_NTOA function, such as in the following example:
# echo 'select INET6_NTOA(`STARTADDRESS`), INET6_NTOA(`ENDADDRESS`), `TYPE` from `ip_lists`' | mysql cphulkd >/tmp/cpdb.txt && cat /tmp/cpdb.txt | sed s/::ffff://g
INET6_NTOA(`STARTADDRESS`)	INET6_NTOA(`ENDADDRESS`)	TYPE
1.2.3.4	1.2.3.4	2
208.74.121.102	208.74.121.102	1
50.50.50.50	50.50.50.50	1
Thank you.
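An added example, not part of the reply above and not cPanel code: how a lookup script can compare an IP against the VARBINARY STARTADDRESS/ENDADDRESS ranges instead of matching text. It assumes IPv4 addresses are stored as IPv4-mapped IPv6 (the `::ffff:` prefix the sed step strips); the function names, the sample rows and the 203.0.113.0 netblock are constructed for illustration.

```python
import ipaddress

V4_MAPPED_PREFIX = bytes(10) + b"\xff\xff"  # the ::ffff:0:0/96 prefix

def to_varbinary(ip):
    """16-byte form of ip; IPv4 becomes ::ffff:a.b.c.d (assumed storage format)."""
    addr = ipaddress.ip_address(ip)
    return V4_MAPPED_PREFIX + addr.packed if addr.version == 4 else addr.packed

def normalize(raw):
    """Widen a 4-byte IPv4 value to 16 bytes so comparisons are like-for-like."""
    if len(raw) == 4:
        return V4_MAPPED_PREFIX + raw
    if len(raw) != 16:
        raise ValueError(f"unexpected address length: {len(raw)}")
    return raw

def from_varbinary(raw):
    """Decode a stored value to text, dropping ::ffff: as the sed step does."""
    addr = ipaddress.IPv6Address(normalize(raw))
    mapped = addr.ipv4_mapped
    return str(mapped if mapped is not None else addr)

def lookup(ip, rows):
    """Return (table, TYPE) for every row whose start..end range contains ip."""
    needle = to_varbinary(ip)
    # Equal-length byte strings compare in numeric address order.
    return [(table, kind) for table, start, end, kind in rows
            if normalize(start) <= needle <= normalize(end)]

# Constructed rows: the three ip_lists entries from the output above plus one
# made-up known_netblocks range (TYPE is not a known column there, so None).
ROWS = [
    ("ip_lists", to_varbinary("1.2.3.4"), to_varbinary("1.2.3.4"), 2),
    ("ip_lists", to_varbinary("208.74.121.102"), to_varbinary("208.74.121.102"), 1),
    ("ip_lists", to_varbinary("50.50.50.50"), to_varbinary("50.50.50.50"), 1),
    ("known_netblocks", to_varbinary("203.0.113.0"), to_varbinary("203.0.113.255"), None),
]

if __name__ == "__main__":
    for ip in ("1.2.3.4", "203.0.113.77", "198.51.100.9"):
        print(ip, lookup(ip, ROWS))
```

An address that falls inside a stored range (203.0.113.77 here) never appears as a literal value in the table, which is why a text match on the IP misses it.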