1. B

    Server's own IP in cpHulk reporting system cpaneld auth failure?

    I've randomly stumbled upon my server's IP in cpHulk History Reports yesterday. So, my server is basically trying to bruteforce its way into one of its own cPanel accounts, it seems. After a quick find in all PHP files, I found that a cPanel account was trying to do just that by using curl to...
  2. J

    IP blocked in firewall won't unblock

    We have a customer that's been automatically FTPing a webcam file (that shows the local surf conditions) from IP to every 5 minutes for years. Suddenly, they started getting this: Error message: "connection failed check username and password" We use cPHulk, CSF/LFD, CXS...
  3. F

    cPHulk help newbie Apply protection to local and remote addresses

    Hi, I am a newbie to cPHulk and need some help with the settings. I have enabled it on VPS Please can someone explain in very simple terms (I do not understand exaclty the cpanel documentation on this) the difference between: Apply protection to local addresses only and Apply protection to...
  4. E

    SOLVED Remove IP Address from cPHulk Whitelist via cli/terminal?

    Hi Guys, Is there any command line on how I can remove the IP address in the Whitelist of cPHulk https://docs.cpanel.net/knowledge-base/security/cphulk-management-on-the-command-line/#whitelist-an-ip-address I can only see the Add command "/usr/local/cpanel/scripts/cphulkdwhitelist"...
  5. T

    cpHulk security warning on deactived sshd service.

    Hello, I have a strange security issue. I have deactivated sshd service but cpHulk gave security me this message: A device at the “” IP address has made a large number of invalid login attempts against the account “root”. This brute force attempt has exceeded the maximum number of...
  6. R

    CSF processing order of permit/deny lists?

    In CSF, Questions: 1. what gets processed first - permit lists or block lists? 2. What about permitted ports defined in the "General Configuration -> IPv4 Port Settings" versus the IP permit/block lists - what comes first? 3. I presume a more specific block (x.x.x.x/32) overrides a more...
  7. Spirogg

    In Progress CPANEL-41073 - new update in cPHulk adding IP's to white list or Blacklist does not flag already listed IP's?

    Hello I know this is just an Edge Version cPanel & WHM v105.9999.82 but it seems when you add an IP then add the same IP again it just says it added it to the list. but it should flag it as already listed the other new thing is the # comments so if you add IP # add your comment here...
  8. Spirogg

    WHM cPHulk configuration

    hi, I was wondering about these settings Warning: The command must complete within 15 seconds to avoid a timeout. The following variables may be used in commands: %exptime% - The Unix time when brute force protection will release the block %max_allowed_failures% - Maximum allowed failures to...
  9. Spirogg

    Question about: cPhulk contains outdated country code IP lists after applying a major version updates to cPanel

    just trying to clarify if this is only 1 country we need to turn off then on again or each country I'm assuming its just one but doesn't hurt to ask to make sure? Steven Sublett 20 days ago Updated Unfollow Symptoms cPhulk sends a notification about IPs attempting to log in which are...
  10. A

    CPHulk country block not working

    We have country blocking enabled on our servers using CPHulk for countries we know our clients would never login from. Over the last several days we have seen many IMAP failed login attempts from countries that we have blocked. We see this throughout multiple servers we have running WHM and...
  11. C

    How to export all failed IPs from cpHulk into txt/csv?

    How do I export a list of all the IPs from History Reports section of cpHulk? I've got tens of thousands of failed logins / IPs listed in there from all kinds of random countries (obvious brute force login attempts), and going page by page and copying those IPs would take, oh, I dunno, a month...
  12. S

    Cphulk - not blocking "[WARNING] Sorry, cleartext sessions and weak ciphers" IPs

    My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE: pure-ftpd: ([email protected]) [INFO] New connection from pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions...
  13. I

    Configuración optima de procesos cPanel

    Buenas, actualmente tenemos un servidor dedicado únicamente para cPanel con las siguientes características: 1 TB de almacenamiento 12 GB Ram 8 nucleos CPU Nuestro servidor mantiene principalmente servicios de correo, paginas web, hechas con WordPress y prestashop en su mayoría, y lo que...
  14. E

    Backlisted all Countries into cPHulk Brute Force Protection now blocked

    Hi, by mistake i Backlisted all Countries into cPHulk Brute Force Protection , even ssh is disabled into whm dedicated server. now all login not working. Only a old vps ip is whitelisted into dedicated server how i able to access whm again. i able to gone into rescue mode and mont drive...
  15. K

    cPHulk block login email

    Hi! Why does cPHulk block the email login if the password is correct in case of attack? How can this be avoided?
  16. C

    CPHulk Blocked

    A customer got blocked by CPhulk due to excessive login attempts (pw on email wrong) I have now whitelisted his static IP in both CPHulk and CSF, cleared the blocked IP, checked IP tables and restarted cphulk and dovecot However he is still blocked - emails, domains, cant access the server at...
  17. J

    Cpanel blacklisting itself

    Hello and wishing everyone health. I've been reviewing my cpanel cPHulk history and see frequent repeating entries at specific time periods with a correct username but with an incorrect, mangled domain name and a rip ip address that is my correct server domain ip address. Example...
  18. D

    cPHulk Brute Force Blacklist limit 200 only?

    Hi guys it seems that cPHulk Brute Force Blacklist has a limit of only 200 IP addresses. Is there a way of increasing the blacklist limit?
  19. E

    SOLVED CPHulk read history reports using the command line or API

    Hi, I get daily calls about CSF and CPHulk and now I want to automate reading and removing entries. CSF is well supported via the command line. CPHulk not it seems? Reference documentation for CPHulk: cPHulk Management on the Command Line | cPanel & WHM Documentation I need to read the...
  20. sahostking

    cpHulk Blacklisting all countries

    We are getting many SMTP brute force attacks which causes load on our servers. Now we use many firewall besides not only a hardware firewall infront of servers but also bitninja / CSF. However it does not seem to be working too well as they still get through with distributed attacks to those...