Introduction

You may have the need to pull data from cpHulkd to obtain information about failed login attempts and actively blocked users or addresses. Below are a few methods to obtain this data from the command line.

 

Procedure

Below are the commands that can be run from whmapi1 via the command line followed by documentation to help understand the output.

This function lists brute force attack entries from the cPHulk database.

whmapi1 get_cphulk_brutes

cPanel Docs: Return login security brute force attacks

This function retrieves excessive brute force attack entries from the cPHulk database.

whmapi1 get_cphulk_excessive_brutes

cPanel Docs: Return login security excessive brute force attacks

This function lists failed login attempt entries from the cPHulk database.

whmapi1 get_cphulk_failed_logins

cPanel Docs: Return login security failed logins

This function lists brute force attack entries from the cPHulk database, ordered by user accounts.

whmapi1 get_cphulk_user_brutes

cPanel Docs: Return login security brute force attacks by user

If you want to see this in a quick and easy graphical format, please refer to the article below about accessing the data via WHM

Where can the cPHulk Brute Force Protection logs be found?