Web Niraj

Reporting cPanel cPHulk IPs to Abuse IP DB


In a previous post, I shared a script that allows server administrators to report abusive IPs to the Abuse IP database. But did you know that you can also configure cPanel, and specifically cPHulk Brute Force Protection, to automatically report abusive IPs to the database?

First, make sure you follow my previous post to set up the script on your server. Setting up the script to report Login Failure Daemon (LFD) IPs is already covered in my previous post too.

cPHulk Configuration

If you are not already using cPHulk protection on your server, you should enable it so that your cPanel server is protected from brute-force attacks. Specifically, you should enable “IP Address-based Protection” to block any abusive IPs from repeatedly trying to attack accounts on your system.

Once enabled, it’s easy to configure cPHulk to report the abusive IPs to the Abuse IP Database. You will see a field called “Command to Run When an IP Address Triggers Brute Force Protection”, which will let you enter the location of the script.

Assuming you have called your script lfd-v2.php, and you’ve stored it in the /root directory, you need to enter the following command in the field:

/root/lfd-v2.php %remote_ip% "" "" "" "" %reason%

If entered correctly, you should see the following in cPHulk:

Next, you should trigger a login failure (ideally using a different IP to the one you’re currently on, so you don’t inadvertently block yourself). I did a test by navigating to my cPanel login page on a mobile device (connected to mobile data), and entered an invalid username and password five times.

If triggered correctly, you should see an entry added to the Abuse IP database, as follows:
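The command above passes the blocked address as argument 1 and cPHulk's reason as argument 6, with four empty placeholders in between. As an added example (not the lfd-v2.php script from the previous post and not cPanel's code), this Python hook shows the checks worth making on those two arguments before anything is submitted; the function names, the NEVER_REPORT list, the comment-length cap and the YOUR_API_KEY placeholder are assumptions.

```python
"""Added example: argument checks for a cPHulk -> AbuseIPDB reporting hook."""
import ipaddress
import sys
import urllib.parse
import urllib.request

REPORT_URL = "https://api.abuseipdb.com/api/v2/report"
BRUTE_FORCE = "18"                 # AbuseIPDB category ID for Brute-Force
NEVER_REPORT = ("203.0.113.10",)   # constructed: your own admin/monitoring IPs
MAX_COMMENT = 1024                 # assumed cap on the report comment length

def parse_hook_args(argv):
    """argv mirrors: script %remote_ip% "" "" "" "" %reason%"""
    if len(argv) < 7:
        raise ValueError("expected the IP as argument 1 and the reason as argument 6")
    ip = ipaddress.ip_address(argv[1].strip())        # ValueError on anything else
    reason = " ".join(argv[6].split())[:MAX_COMMENT]  # collapse newlines and space runs
    return ip, reason

def should_report(ip):
    """Skip your own addresses and anything that is not publicly routable."""
    return str(ip) not in NEVER_REPORT and ip.is_global

def build_report(ip, reason, api_key):
    """Build (but do not send) the POST request for the v2 report endpoint."""
    body = urllib.parse.urlencode(
        {"ip": str(ip), "categories": BRUTE_FORCE, "comment": reason}).encode()
    return urllib.request.Request(
        REPORT_URL, data=body, method="POST",
        headers={"Key": api_key, "Accept": "application/json"})

def main(argv):
    try:
        ip, reason = parse_hook_args(argv)
    except ValueError as exc:
        print(f"refusing to report: {exc}", file=sys.stderr)
        return 1
    if not should_report(ip):
        print(f"skipping non-reportable address {ip}", file=sys.stderr)
        return 0
    req = build_report(ip, reason, api_key="YOUR_API_KEY")  # placeholder key
    # urllib.request.urlopen(req, timeout=10) would submit it; omitted so this runs offline.
    print("would POST", req.full_url, req.data.decode())
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The private-address and NEVER_REPORT checks cover the case the article warns about, where the test login comes from your own connection.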


2 comments on “Reporting cPanel cPHulk IPs to Abuse IP DB”

  1. Sweepr says:
    August 1, 2020 at 2:16 PM

    What should the command be?

    /etc/csf/lfd-v2.php %remote_ip% "*" "*" "*" "*" %reason%
    Or
    /etc/csf/lfd-v2.php %remote_ip% "" "" "" "" %reason%

    Your tutorial shows 2 different options.

    • Niraj Shah says:
      August 1, 2020 at 2:29 PM

      You can use either. I used * in the cPanel command, but this is essentially passing a generic value. Use the example in the article, not the one from the screenshot.


© 2011-2022 Niraj Shah