cPHulk auto add IP to blacklist

gnetwork-cp

• March 04, 2016 01:56

Hi all, I searched around for this solution, but most recommended to use CSF instead, overkill in my view. I prefer to use cPHulk blacklist for easy management, rather than have potentially thousands of IP's in iptables. According to the documentation, and variables available for commands, it should be possible to automatically add an offending IP address to the blacklist. Command to Run When an IP Address Triggers:
/scripts/cphulkdblacklist %remote_ip%
I posted here but did not test (hate to get locked out). If anyone can verify that this command is good, would be great! Thanks.

• 

  24x7server

  • March 04, 2016 10:11

  Hello :), You will have to use following command to block that IP
  MOD EDIT - This is Not Accurate
  Here are the command variables list :

  0
• 

  gnetwork-cp

  • March 04, 2016 10:26

  Hi, thanks for that. This is the first time I've seen this as possible. I read that documentation which mentioned %ip%, but also noticed the different variable on WHM cPHulk Brute Force Protection page: ----------------------------------------------------------------------------------- Command to Run When an IP Address Triggers a One-Day Block The following variables may be used in commands: %exptime% - The Unix time when brute force protection will release the block %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures) %current_failures% - Number of current failures %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure) %reason% - The reason for the block %remote_ip% - The blocked IP address %authservice% - The last service to request authentication (for example, webmaild) %user% - The last username to request authentication %logintime% - The time of the request %ip_version% - The IP version (4 or 6) ----------------------------------------------------------------------------------------- That's why I was'nt sure. Can you please confirm its definitely %ip% and not %remote_ip%. Thankyou

  0
• 

  cPanelMichael

  • March 09, 2016 17:59

  Hello :) I've tested and confirmed the correct value to use is:
  %remote_ip%
  I've opened a case with our documentation team to have them correct the reference to "%ip%" in our documentation. Thank you.

  0
• 

  cPanelMichael

  • March 15, 2016 20:25

  To update, the document now reflects the correct variable. Thank you.

  0
• 

  xhagentech

  • November 26, 2021 04:34

  /scripts/cphulkdblacklist %ip% - tested working and please dont forget the refresh the entire page

  0

Please sign in to leave a comment.