http://updates.cpanel.net

http://updates.cpanel.net/pub

User root blocked – cPHulk Brute Force Protection

Source: http://hostechs.com/2008/10/user-root-blocked-cphulk-brute-force-protection

Had a few clients lately blocking them self out and when i say blocking i mean blocking the user root because of them inserting the wrong password more then X times when Brute Force Protection was enabled on the server.

Of course that they were unable to login anymore to the server using the root user and more to it no one was able to login over an ssh connection.

A way around this is to access the server in single user and delete the blocked users:

mysql cphulkd
mysql> delete from brutes;
mysql> delete from logins;
mysql> quit

Now this happens usually if the following setting is set to low when setting up Brute Force Protection:

Maximum Failures By Account:

For anyone who has this kind of issues you may want to create a second user on the server and add that user to the sudoers /etc/sudoers group so that if you block the root user out you will still be able to access the server and fix the problem.

All this goes also for anyone who uses another user to connect to the server and has root ssh access disabled.

How to remove an IP from the cphulkd blacklist

Source : http://openhelp.info/index.php?option=com_content&task=view&id=60&Itemid=33 

:-cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services

by guessing the login password for that service.

It blacklists IPs that it thinks are trying to run a brute force attack.

Just follow the below steps  for removing the black listed IP:-
1)Login to MySQL .
root@server [/var/log]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 425476 to server version: 3.23.58
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.
mysql> show databases;
+——————-+
| Database    |
+——————-+
| cphulkd       |
| eximstats     |
| horde          |
| mail             |
| mirror_com  |
| mysql          |
+——————-+
9 rows in set (0.02 sec)
2) "use" the cphulkd database and show tables inside the cphulkd  database.
mysql> use cphulkd
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+——————————+
| Tables_in_cphulkd |
+——————————+
| auths                     |
| brutes                    |
| logins                     |
+—————————– +
3 rows in set (0.00 sec)
mysql>
3)Check the black listed IP’s in the tables brutes and logins.
mysql> select * from brutes;  
+————–+—————————————————————–+
| IP           | NOTES                                                        |
+————–+—————————————————————–+
| 24.90.253.66 | 6 login failures to ad@ope.inad@ope.in This email address is being protected from spam bots, you need Javascript enabled to view it (ftp)       |
+————–+—————————————————————–+
1 row in set (0.00 sec)
mysql>
4)Remove the iP Address s from the table and restart cPanel service.
mysql> delete from brutes where IP=’11.20.254.56′;
Query OK, 1 row affected (0.00 sec)
mysql>   
5) Restart cPanel service.
service cpanel restart
This will fix the issue.
Note:-Error log for cphulkd is  /usr/local/cpanel/logs/cphulkd_errors.log

If you want to remove all the IP’s which are balacklisted by the cPhulkd.

Then just issue the folowing MySQL query:-

delete from brutes ; ( Brutes is the table name  here)

Source: http://www.v-nessa.net/2007/07/20/upgrading-to-mysql-5120-on-cpanel 

If you have server that run on cPanel, you’ll probably know how big of a Nazi it is in regards to the MySQL versions it can run. We just got this new line of servers at work and one of them I was pretty heartset on installing MySQL 5.1, mainly because of its loadable plugin features where you can install a plugin or module without having to recompile the whole damn thing. Upgrading to 5.1 is easy, you just have to follow the right steps.

First, I would recommend upgrading to cPanel 11 or EDGE, which should have support for compiling Apache with non-supported versions of MySQL. On this server, I’m currently running 11 on the bleeding edge build. Also, it’s a splendid idea to dump all your databases before upgrading.
Note that these instructions mention MySQL 5.1.20-beta because that’s the latest release available at the time of my writing….but you can essentially follow this guide for any version of MySQL!

1. Copy the MySQL libraries from the server into a temporary location:

mkdir /root/sqllibs
cp /usr/lib/libmysqlclient.* /root/sqllibs

2. Find any installed MySQL packages:
rpm -qa | grep -i mysql-

This should present a list of installed rpm’s…remove them with rpm -e ,but note that some may need to be removed before others. Some people also would remove the /var/lib/mysql directory, but you can leave that there.

3. Download and install the MySQL 5.1.x packages:

Hop on over to http://dev.mysql.com/downloads/mysql/5.1.html#linux-x86-32bit-rpms and download the 5.1 RPM’s and install them:
rpm -i MySQL-client-5.1.20-0.glibc23.i386.rpm
rpm -i MySQL-devel-5.1.20-0.glibc23.i386.rpm
rpm -i MySQL-embedded-5.1.20-0.glibc23.i386.rpm
rpm -i MySQL-test-5.1.20-0.glibc23.i386.rpm
rpm -i MySQL-server-5.1.20-0.glibc23.i386.rpm

4. Prepare cPanel

You’ll want to make sure that cPanel’s updates don’t reset the MySQL version, so you need to run the following commands to force cPanel to skip MySQL updates:
touch /etc/mysqldisable
touch /etc/mysqlupdisable

Now edit /var/cpanel/cpanel.config and change the MySQL version to 5.1

Create the symlink:
ln -s /var/lib/mysql/mysql.sock /tmp

Also, verify that the MySQL version is correct by running mysql -V

root@vps [~]# mysql -V
mysql Ver 14.13 Distrib 5.1.20-beta, for pc-linux-gnu (i686) using readline 5.0

5. Set up MySQL

MySQL should have already been started at this point, so you can attempt to log in as root using mysql -u root . If you are able to log in on the first try, great. If not, you’ll need to reset the MySQL password:
pico /etc/my.cnf

Add this line, and restart MySQL
skip-grant-tables
service mysql restart

Now log into MySQL root and set the password:


mysql -u root
mysql> FLUSH PRIVILEGES;
mysql> GRANT ALL PRIVILEGES ON *.* TO root@localhost IDENTIFIED BY ‘yourpassword’ WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> exit;

service mysql restart

When you’re done, remove the skip-grant-tables line from /etc/my.cnf and restart MySQL. Then log into Webhost Manager and reset the password *again*… this is necessary to build a bridge between the linux root user and the MySQL root user, so you can log into MySQL both through WHM’s phpMyAdmin, and SSH without a password when logged into the server as root.

All you need to do now is recompile Apache, but move the MySQL libraries back so easyapache can find them:

mv /root/sqllibs/libmysqlclient.* /usr/lib/mysql/

I haven’t tested too many configurations yet, but what works for me is Apache 2.2.4 with php 5.2.3, compiled with MySQL and mysqli, but NOT system MySQL.

Source : http://www.ducea.com/2006/07/16/cpanel-upgrading-to-mysql5/

CPanel has included support for MySQL 5 in all its latest releases - 10.8.2-xxx – (Stable/Release/Current). I find this very cool and it is a big difference in trying to get MySQL4 to run on Plesk for example. Anyway the upgrade process is very simple, and probably no one will need any additional information to complete this safely. I just wanted to point out some of the problems you might encounter in performing this upgrade.
How can you upgrade to MySQL5? Simply login to the WHM interface, and from “Server Configuration / Tweak Settings” choose in the “MySQL” section the 5.0 radio button. Then click “Save” and you are done. This will actually run the script: /scripts/mysqlup that will download and install the latest MySQL5 rpms available at that time.
After completion as instructed you should rebuild your perl mysql libraries and rebuild apache (to have php build against the newly installed mysql library).

/scripts/perlinstaller --force Bundle::DBD::mysql

and for apache/php:

/scripts/easyapache

or you can see this post for more details on compiling apache/php on CPanel from WHM.

What should you be aware prior to perform this upgrade? Here are some issues that you might find useful to know before doing this…

1. The upgrade is not reversible…

Even if you see the warning and this is even in bold:

“Updating from a previous verion of MySQL to a later version is not automaticlly reversable. You should backup your databases if you think you might wish to downgrade in the future.”

you might not believe it… Well I have not believed it as I have performed safely downgrades to mysql4.1 in case of problems on manual installs of mysql. But in this case CPanel is telling the truth… After you will complete the upgrade in WHM the choice for MySQL 4.1 (the radio button) will disappear and you will no longer be able to choose it. You can probably downgrade manually if you really need to, by downloading the MySQL4 rpms and install them manually from the command line while removing the MySQL5 ones. In this case you might find useful the link to the location of CPanel rpms:

http://updates.cpanel.net/pub/mysqlinstall/

2. MySQL might fail to start…

Since I have done this only on RHEL4 servers I am not aware if this problem exists on other distributions as well. But in RHEL the MySQL5 init script was failing after the upgrade with the following error:

/etc/init.d/mysql start
Starting MySQLCouldn't find MySQL manager or server        [FAILED]

Tracking down this error I found out that the MySQL configuration file (/etc/my.cnf) installed by the upgrade had a wrong line that was causing this behaviour:

/etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
#old_passwords=1

[mysql.server]
user=mysql
basedir=/var/lib    # <= you will need to comment this line
old-passwords = 1

[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

The line basedir=/var/lib was causing the error and in case you are having the same problem commenting out that line will solve the problem and MySQL will start properly.

These are the 2 issues I have found out when upgrading MySQL5 and hopefully you will be aware of them prior to loosing too much time trying to solve them Besides this MySQL5 is running fine and I have not found any problems in normal operation or with the integration with other CPanel functions. Have fun.