1. N

    All Traffic Seen as Gateway IP by cphulk

    Hello, After investigating some of your run-of-the-mill cphulk blocks, I realized the reason my whitelist isn't working is that cphulk is seeing all traffic as the gateway IP ( and brute forcing bots are getting that IP temp banned. Clearly I've taken a wrong turn somewhere in...
  2. O

    cPHulk show our server IP address

    Hello, When I check the server for brute force attack, in the IP section it shows the IP of our server, and in the Authentication Service section it shows dovecot, country LT, although the server is not even in this country. Can someone explain why it shows the IP of our server?
  3. S

    cPhulk affects on TTFB?

    Hello, It is possible impact cPhulk on TTFB? This should not affect but our client had a bad TTFB. We cleaned over 30k record in cPhulk and now the TTFB is better. Best regards
  4. K

    CPHulk locked all access

    We enabled country blocking on our server and CPhulk blocked everything, web and ssh, even blocked access to hosted sites. I tried the following; /usr/local/cpanel/bin/cphulk_pam_ctl --disable /usr/local/cpanel/etc/init/stopcphulkd but cphulk would restart. I then tried; whmapi1...
  5. jrxpress

    cPHulk Brute Force Protection

    I am getting this annoying warning each time I press "Remove Blocks and Clear Reports" from the History Reports on cPHulk Brute Force Protection. I have a Virtuozzo dedicated server with GoDaddy and they couldn't provide any help. Is there a way to fix it? Since it started a few versions ago...
  6. K

    cPhulk Countries / Regions management

    I have 2 Questions regarding CpHullk : 1 - How does the Regions VS. Countries priority work ? I have AP (AP) Listed as a Country in the CpHulk countries list. I assume this is AP = ASIA PACIFIC as a region. The second region would be EU. So my question is : If I blacklist ( or Whitelist )...
  7. T

    cPHulk Configuration Question

    Maybe I don't understand how cPHulk is suppose to work. If have for example Russia blacklisted under the Countries, and I have Maximum Failures per IP Address set to 3 Maximum Failures by Account set to 3 Maximum Failures per IP Address before the IP Address is Blocked for One Day set to 4...
  8. T

    SOLVED [CPANEL-27445] Excessive cPHulk notifications for blacklisted IPs and Countries

    Updated to v80.0.10 tonight. After the updated, I started getting brute force attempts from countries that I already had blacklisted. I did not change any of my cPHulk BFP setting. Any ideas?
  9. E

    SOLVED cPhulkd process did not start after restart

    Hello, I have cPanel and dns version 78.0.21 and cphulk process after restart of dns server did not start. In messages: [[email protected] log]# grep "cphulkd" messages May 7 08:03:33 dns2 systemd: PID file /var/run/cphulkd_processor.pid not readable (yet?) after start. May 7 08:03:44 dns2 systemd...
  10. L

    cPHulkd blocking

    I've spent a good deal of time, reached out to my server host, and was told I need to ask here. I have roundcube and horde disabled from accounts as they are not used. My logs are full of blocks for latest examples: (email removed - non existant email - all the same in this example)...
  11. O

    IPv6 blocking, country blocking and access

    Folks, This is my first post on this forum. Great information here, can believe I haven't joined this forum till now. I have had a Dedicated Server for a few years now (running WHM) and never really paid too much mind to security (as I didn't know much about the subject). For someone not of an...
  12. R

    SOLVED The service cphulkd appears to be down

    Hello Everyone, First time posting in these forums. We're getting the following message on a daily basis it seems. Normally a message follows immediately afterwards that the service has recovered. I'm not a Cpanel expert but I've tried looking through the logs but I'm not finding anything...
  13. V

    SOLVED [CPANEL-26599] cphulk is shown as down in initial install

    Hello In v78.0.20 version, it appears cphulkd down in service status in clean cpanel installation. There is no error when cphulkd restarts. [[email protected] ~]# /usr/local/cpanel/scripts/restartsrv_cphulkd Waiting for “cphulkd” to restart gracefully ………………waiting for “cphulkd” to initialize...
  14. A

    SOLVED What is the cpaneld service as reported by cPHulk?

    Before the flame war starts over me not searching or Googling this first, I did. Google thinks "cpaneld" = "cpanel". If you put the entire question in quotes "what is cpaneld", Google yields no results. And this own forum's search for "cpaneld" yields a thousand results of folks pasting code...
  15. R

    SOLVED [CPANEL-25503] cPHulk is one-day blocking whitelisted address for maximum failed authentications

    I have the following problem: - server ip added to whitelist in cPHulk - even though cPHulk blocked the IP for one day in iptables Here is a log entry: [2019-03-26 07:45:42 +0100] info [cPhulkd] Login Blocked: IP reached maximum auth failures for a one day block [Service]=[dovecot] [Local IP...
  16. chanklish

    SOLVED cphulk firewall blocking duration

    hello awesome people i am facing very large numbers of failed logins blocked by the CPhulk most of the login are from spoofed emails ( which till now i dont have a solution for ) so mostly are not very dangerous i receive around 50 login failure every hour - yet it is not blocking the ip of the...
  17. F

    Understanding cPHulk configuration settings

    Under the basic configuration settings of cPHulk, I see the following: I just can't seem to understand what exactly this setting means even after reading it multiple times. Can someone explain it to me in simple plain terms with some example. Thanks a lot.
  18. keat63

    How to identify which device is failing?

    I've a user problem which is driving me up the wall. (pop3d) Failed POP3 login from xx.xx.xx.xx, this eventually results in a CSF block, locking her out entirely. The user has 3 devices, Laptop, Tablet, Iphone. I can't resolve this at her premise, as the resulting lock out, will also lock me...
  19. L

    Adding a custom service to cPhulkd

    Hello, I've been facing a huge wave of brute force attempts to WordPress logins lately and poking with a more robust solution for blocking it. I have a custom rule in apache that's able to 401 an IP that has 'x' failed logins attempts. But lately, that's not being enough. I believe with the...
  20. C

    cPHulk blacklist deny login but not view website?

    Hi If I have got this corretly, if I blacklist an IP, it totally deny's login in but it also deny's viewing any website in that WHM server. Is there a way to block login, or allow login only from known IP's but allow to view any website in that WHM server?