1. bgarrant

    ConfigServer Firewall vs Juniper SRX 300 with cPHulk

    I have a single cPanel server and it is currently protected by a Juniper SRX 300 Hardware Firewall and CPHulk. I would really like to remove the hardware firewall and go back to use CSF, but I am wondering if anyone can advise on what I would lose or gain in making the change? I know CSF can do...
  2. B

    SOLVED cpHulk failed attempts list is now permanently empty?

    Hi, not sure if this is directly related to the server switch I made 2 months ago from CentOS 6 to CentOS 7.5 but cpHulk failed attempts list is now permanently empty, altough cpHulk is activated. I'm used to seeing at least 10 failures an hour from China and such, so there's something wrong...
  3. P

    Login Denied Country is Blacklisted?

    I was unable to access my own server because of "-ERR [AUTH] LOGIN DENIED -- COUNTRY IS BLACKLISTED" (that's what my email received, putty / WHM just deny access). I suppose that's because I'm using the new feature that sets a list of countries to deny instead of using my own list of IPs...
  4. P

    cPHulk not completely working

    I've had cPHulk enabled for a few days now and have set it to block all countries except mine. In the History reports section, I have noticed that it works and has successfully blocked login attempts since the number of reports has gone down significantly. However I noticed that there are still...
  5. T

    cPHulk Daemon enabled or not?

    The server does not currently monitor the “cPHulk Daemon” service. Should be enabled as a good practice?
  6. M

    SOLVED How does blacklisting countries in cphulk work ?

    Hello here : CLOUDLINUX 7.5 standard [is30] v70.0.51 with CSF/LFD due to non-stop brute-force on email-accounts, I've activated CPHulk and used the new tab "Countries Management" and did set a country to "blacklisted" : OK. But looking at the maillog, and the LFD blocking actions on imapd...
  7. K

    Problem Saving Settings for cPhulk

    Hi, I am having a buggy issue with Cphulk, I am not able to save the configuration setting changes. Save button is dead/not working when I made any change to any config parameter like failure per ip, blocked per ip etc., its not allowing me to update those changes. Please let me know If any one...
  8. D

    cPhulkd causing soft lockup

    cPhulkd seems to be the culprit in an issue that's locking up the server. From our logs: kernel: NMI watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [cPhulkd - proce:4599] After a reboot, it's back again: kernel: NMI watchdog: BUG: soft lockup - CPU#4 stuck for 22s! [cPhulkd - proce:5572]...
  9. D

    cPHulk Countries Management Question

    Hi, I really like this feature too. I also have question, IS this feature blocking both frontend and backend OR just block backend (root access such as whm)? How do i block just backend and still allow users access frontend? Thank you
  10. W

    SOLVED Configserver deny listing IPs blacklisted by cPHulk Country blocks?

    Hi, Noticed an unanswered thread over on Configserver forum which also applies to me. My Configserver "deny list" includes IPs which should have been blocked by cPHulk Country blacklists - is there an order of precedence in operation here where cPHulk Country blacklists only kick-in AFTER...
  11. W

    Thanks for cPHulk Countries Management!

    I've just started using the cPHulk Countries Management feature and wanted to say a word of "Thanks" to cPanel. :) I tested with initially blacklisting only 3 countries, who were the biggest culprits in the ConfigServer Deny list. After only 10 minutes, the cPHulk log file showed 26 blocked IPs...
  12. keat63

    CSF blocked IP tries again

    I have a post open on the CSF forum, but I guess CSF devs don't monitor that forum as i've never seen an official answer, so I'm posting the same on here to see if anyone can explain. I see in my logs a small number of failed logins from an IP, which was then blocked in CSF at 00:04am...
  13. D

    SOLVED Add country to cPHulk History Reports

    In cPHulk's "History Reports", the "Failed Logins" report shows the IP address of each failed login. Perhaps also show the country.
  14. N

    SOLVED cphulk country whitelist using cli?

    Hi, There is a cli script to add a IP to the cphulk white list or black list : /scripts/cphulkdwhitelist or /scripts/cphulkdblacklist But now in cpanel 70, how I can add country to the whitelist/blacklist using cli commands? We work with ansible, and the "cli" is a must, we have to send a...
  15. L

    cPHulk Countries Management: Any Performance Penalty?

    I love the new Countries Management feature in v. 70 CPHulk! Is there any performance penalty based on the number of countries blacklisted? It seems like ideally one would block all the countries except the one(s) where clients live.
  16. E

    cphulkd internal errors

    Hello all, We are getting the same error in this 2 year old thread, so we are opening a new thread: cphulkd internal errors This is our version: Apr 11 05:30:06 web1 dovecot: auth: Error: Cpanel::MailAuth: Brute force checking was skipped because cphulkd failed to process...
  17. psytanium

    cphulk fail every 15 min

    Hello, cphulk fail then recover every ~15 min What could be the problem ? I was reading on this forum a similar problem, the reason was low memory, but in my case I have free 6GB memory ram. Thank you for supporting :)
  18. O

    SOLVED cphulk - period - protection or detection ?

    Please clarify this contradiction: cPHulk Brute Force Protection - Version 70 Documentation - cPanel Documentation This sounds like it's a PROTECTION period (as labeled). i.e. how long the block will last. "failures...within the Brute Force Protection Period" <= Now it sounds like this is...
  19. Spirogg

    cPHulk not working ?

    hi i tried out imunify360 and also have installed cloudlinux for my server centos 7 with cagefs and kernel care the issue was to many false positives that it made one of my scripts to not work correctly, so I uninstalled only imunify360, and there modsec rules - now i dont see anyone IP as i...
  20. D

    SOLVED [CPANEL-23096] Display a warning when cPHulk brute force protection periods are higher than 1440

    I´m trying to disable cPHulk´s Username-based Protection. But when i click the disable button and save,the settings are not saved. I reload the page and Username-based Protection continue enabled. Is there any way to repair the cPHulk installation or any command line to disable...