cPHulk Usage Question

domeneas

• March 02, 2016 04:28

CpHulk, how to use "Command to Run When an IP Address Triggers Brute Force Protection"? Hello, so I am slightly in the dark on how to use this function. I was hoping I could use it to write something that can notify the owner of an account if their account is locked. Any examples would be great. The way I am thinking of is not very sexy, comparing banned IPs to previously successful IPs and so on to select if the user should receive an email or not. I'd much rather have a countdown on the login page "You have 2 tries left" if anyone has a hint on that. Thanks so much.

• 

  cPanelMichael

  • March 02, 2016 19:09

  I was hoping I could use it to write something that can notify the owner of an account if their account is locked.

  
  Hello :) Are you familiar with the "Users can enable login notifications in the Contact Information area inside of cPanel" option in "WHM >> cPHulk Brute Force Protection"? It's found within cPanel at: "cPanel >> Preferences >> Contact Information" It allows users to enable notifications for the following actions: Someone logs in to my account. - Send login notifications, even when the user logs in from an IP address range or netblock that contains an IP address from which a user successfully logged in previously. - My preference for successful login notifications is disabled. Thank you.

  0
• 

  domeneas

  • March 03, 2016 07:56

  Hi, yes I am familiar with that, but I would like them to know when they (the current IP address they are trying to log in from triggers a brute force in cPHulk) are blocked, not if they have logged inn or other successful logins. That is not an option all ready, so I was hoping to use the custom command to write something to that effect myself, but am unable as I cannot find any examples of the commands it can run. It only lists the variables you can use. I was hoping it could trigger a script, but I can't find how to make it.

  0
• 

  cPanelMichael

  • March 15, 2016 18:03

  There are no native features for that type of notification, but you could develop a custom script that sends such a notification. The cPHulk API is documented at: WHM API 1 Functions - get_cphulk_failed_logins - Software Development Kit - cPanel Documentation As noted in the interface, the following variables are available when using the "Command to Run When an IP Address Triggers Brute Force Protection" feature:
  %exptime% - The Unix time when brute force protection will release the block %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures) %current_failures% - Number of current failures %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure) %reason% - The reason for the block %remote_ip% - The blocked IP address %authservice% - The last service to request authentication (for example, webmaild) %user% - The last username to request authentication %logintime% - The time of the request %ip_version% - The IP version (4 or 6)
  Thank you.

  0

Please sign in to leave a comment.