cphulk

  1. Spirogg

    In Progress CPANEL-41073 - new update in cPHulk adding IP's to white list or Blacklist does not flag already listed IP's?

    Hello I know this is just an Edge Version cPanel & WHM v105.9999.82 but it seems when you add an IP then add the same IP again it just says it added it to the list. but it should flag it as already listed the other new thing is the # comments so if you add IP 10.10.10.10 # add your comment here...
  2. Spirogg

    WHM cPHulk configuration

    hi, I was wondering about these settings Warning: The command must complete within 15 seconds to avoid a timeout. The following variables may be used in commands: %exptime% - The Unix time when brute force protection will release the block %max_allowed_failures% - Maximum allowed failures to...
  3. Spirogg

    Question about: cPhulk contains outdated country code IP lists after applying a major version updates to cPanel

    just trying to clarify if this is only 1 country we need to turn off then on again or each country I'm assuming its just one but doesn't hurt to ask to make sure? Steven Sublett 20 days ago Updated Unfollow Symptoms cPhulk sends a notification about IPs attempting to log in which are...
  4. A

    CPHulk country block not working

    We have country blocking enabled on our servers using CPHulk for countries we know our clients would never login from. Over the last several days we have seen many IMAP failed login attempts from countries that we have blocked. We see this throughout multiple servers we have running WHM and...
  5. C

    How to export all failed IPs from cpHulk into txt/csv?

    How do I export a list of all the IPs from History Reports section of cpHulk? I've got tens of thousands of failed logins / IPs listed in there from all kinds of random countries (obvious brute force login attempts), and going page by page and copying those IPs would take, oh, I dunno, a month...
  6. S

    Cphulk - not blocking "[WARNING] Sorry, cleartext sessions and weak ciphers" IPs

    My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE: pure-ftpd: ([email protected]) [INFO] New connection from 154.89.5.82 pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions...
  7. I

    Configuración optima de procesos cPanel

    Buenas, actualmente tenemos un servidor dedicado únicamente para cPanel con las siguientes características: 1 TB de almacenamiento 12 GB Ram 8 nucleos CPU Nuestro servidor mantiene principalmente servicios de correo, paginas web, hechas con WordPress y prestashop en su mayoría, y lo que...
  8. E

    Backlisted all Countries into cPHulk Brute Force Protection now blocked

    Hi, by mistake i Backlisted all Countries into cPHulk Brute Force Protection , even ssh is disabled into whm dedicated server. now all login not working. Only a old vps ip is whitelisted into dedicated server how i able to access whm again. i able to gone into rescue mode and mont drive...
  9. K

    cPHulk block login email

    Hi! Why does cPHulk block the email login if the password is correct in case of attack? How can this be avoided?
  10. C

    CPHulk Blocked

    A customer got blocked by CPhulk due to excessive login attempts (pw on email wrong) I have now whitelisted his static IP in both CPHulk and CSF, cleared the blocked IP, checked IP tables and restarted cphulk and dovecot However he is still blocked - emails, domains, cant access the server at...
  11. J

    Cpanel blacklisting itself

    Hello and wishing everyone health. I've been reviewing my cpanel cPHulk history and see frequent repeating entries at specific time periods with a correct username but with an incorrect, mangled domain name and a rip ip address that is my correct server domain ip address. Example...
  12. D

    cPHulk Brute Force Blacklist limit 200 only?

    Hi guys it seems that cPHulk Brute Force Blacklist has a limit of only 200 IP addresses. Is there a way of increasing the blacklist limit?
  13. E

    SOLVED CPHulk read history reports using the command line or API

    Hi, I get daily calls about CSF and CPHulk and now I want to automate reading and removing entries. CSF is well supported via the command line. CPHulk not it seems? Reference documentation for CPHulk: cPHulk Management on the Command Line | cPanel & WHM Documentation I need to read the...
  14. sahostking

    cpHulk Blacklisting all countries

    We are getting many SMTP brute force attacks which causes load on our servers. Now we use many firewall besides not only a hardware firewall infront of servers but also bitninja / CSF. However it does not seem to be working too well as they still get through with distributed attacks to those...
  15. J

    cPHulk vs Exim Blacklist

    According to this article, blacklisting/restricting IPs from accessing the server through SMTP is done through EXIM configuration. Doesn't cPHulk do the same thing on a broader basis? Should I blacklist in both EXIM and cPHulk?
  16. S

    Brand new install, CPHulk links broken

    Just installed CPanel/WHM on a brand new server, and have already encountered a problem: in CPHulk EMail notifications, the links to blacklist or whitelist IPs/ranges do not work. More specifically, the links work in that they take you to the in page, which a loads - but it's impossible to...
  17. S

    cPHulk protection types

    Hi, I'm getting confused about the two types of protection options available in cPHulk: username-based and IP address-based. I've read the doc page for this but it's a bit unclear to me as it self-references a bit. :) In the section about username-based protection, it says: "Username-based...
  18. N

    All Traffic Seen as Gateway IP by cphulk

    Hello, After investigating some of your run-of-the-mill cphulk blocks, I realized the reason my whitelist isn't working is that cphulk is seeing all traffic as the gateway IP (10.0.0.1) and brute forcing bots are getting that IP temp banned. Clearly I've taken a wrong turn somewhere in...
  19. O

    cPHulk show our server IP address

    Hello, When I check the server for brute force attack, in the IP section it shows the IP of our server, and in the Authentication Service section it shows dovecot, country LT, although the server is not even in this country. Can someone explain why it shows the IP of our server?
  20. S

    cPhulk affects on TTFB?

    Hello, It is possible impact cPhulk on TTFB? This should not affect but our client had a bad TTFB. We cleaned over 30k record in cPhulk and now the TTFB is better. Best regards