1. O

    SOLVED cphulk - period - protection or detection ?

    Please clarify this contradiction: cPHulk Brute Force Protection - Version 70 Documentation - cPanel Documentation This sounds like it's a PROTECTION period (as labeled). i.e. how long the block will last. "failures...within the Brute Force Protection Period" <= Now it sounds like this is...
  2. Spirogg

    cPHulk not working ?

    hi i tried out imunify360 and also have installed cloudlinux for my server centos 7 with cagefs and kernel care the issue was to many false positives that it made one of my scripts to not work correctly, so I uninstalled only imunify360, and there modsec rules - now i dont see anyone IP as i...
  3. D

    SOLVED [CPANEL-23096] Display a warning when cPHulk brute force protection periods are higher than 1440

    I´m trying to disable cPHulk´s Username-based Protection. But when i click the disable button and save,the settings are not saved. I reload the page and Username-based Protection continue enabled. Is there any way to repair the cPHulk installation or any command line to disable...
  4. A

    cPhulkd is it necessary?

    Hello, I was browsing around for answers regarding the cphulkd appearing often on my process list in htop and found this: cPHulk Management on the Command Line - cPanel Knowledge Base - cPanel Documentation I was struggling with that as well. cphulkd seems to be eating up resources in htop...
  5. R

    What operations might clear out cPHulk whitelist and blacklist ?

    We started getting client distress calls one morning, and found that cPHulk whitelist and blacklist were completely wiped out. The only thing we know of that was done prior to the issue was an engineer added shell access to some accounts. Is there anything well-known that would wipe out cPHulk...
  6. M

    cphulk only for some ports

    Hello I want to keep ftp, cpanel and whm closed out of the country I live in but I wish that webmail and emails work from anywhere in the world. CPHULK does not have the option to choose the port that I want to exclude from monitoring. So I renamed the webmaild and dovecot files to webmaild1...
  7. B

    cPHulk blocks IP's after 5 attempts, no matter what the value is set at?

    Hi, cPHulk is (and always was) set to 50 maximum failures per IP address, but it seems like since I upgraded to WHM 66.0 a couple weeks ago, it's now always blocking the IP addresses after only 5 attempts, no matter what the "maximum failures per IP address" value is set at. I've always been...
  8. R

    How do I know if cPanel Brute Force protection is working?

    I'm getting a lot of people trying to access my server, I've turned on cphulk and checked the box the block IP addresses at the firewall level if they trigger brute force protection. These IP's aren't being added to the manual IP blacklist tab though. Is there another list being created...
  9. D

    Import list to cPHulk?

    Is there any way to import a large blacklist into cPHulk? If CPanel does not offer this option, is there any way to do this via the command line? Where is the blacklist stored? Can I edit it? Is it a database? Is it a file? Thanks in advance! *CENTOS 6.9 virtuozzo | CPanel & WHM Version v66.0.23
  10. bgarrant

    cPHulk and Hardware Firewall Question

    I have a cpanel server with a Juniper SRX 300 firewall. We block all ports other than web and email. FTP and cPanel access is whitelist only for client IPs. Since I have cphulk and a hardware firewall what extra benefit would CSF be if any? I tried CSF and it conflicts with our VPN since the...
  11. E

    SOLVED Cannot login to WHM

    HI me is taransfer backup to server and lougout server and not login server. but login server console server plz hellp me.
  12. paulapatrice

    SOLVED cPHulkd Failing Repeatedly

    Set up a VPS and updated it to easyApache4 by importing a profile from a previously-configured, smooth-running server. Also imported the Tweak Settings config. New VPS ran cPanel & WHM ver 64, build 33. cPanel updates are set to manual. After running the VPS without errors for approx 2 weeks I...
  13. T

    cPhulkd Error Log takes too much space

    Hi guys, i need help on cphulkd_error.logs For some reason it takes too much space in my server ( please see screenshot ) and i cannot delete it.
  14. E

    About IPs on cPhulk

    Hello, i added a group of my IPs on cpHulk to Allow the access on WHM and i added ALL to DENY access on WHM.. Now i cant login there on WHM from my computer and i see : HTTP error 401 You do not have permission to access this page. How can i remove IPs on cpHULK from SSH ? Thank you
  15. L

    SOLVED cphulkd much too agressive

    Hello, I recently signed up to a web hoster using cPanel. After setting up a single email account and having it sync'ed with 3 clients. I get blocked *all the time*. Since I'm on a dynamic IP, what do I request from my hosting provider? I can't simply ask them to whitelist me, and they're...
  16. W

    cPHulk blocking issue

    Hi all, I'm getting a lot of complain from client that their they unable to connect to the server, every time I check is due to their IP blocked because of several time of fail login attempt to their email account. So my question is: 1. Why is there so many fail attempts from my client although...
  17. L

    cpHulk SMS notifications stopped

    Hello, Sometime around May 2nd, I stopped receiving SMS notifications from cpHulk on my VPS. I didn't change any configuration, and I've tested that my VPS can still send SMS using the AT&T text message email address from the command line using "mail". I didn't change any config settings...
  18. D

    SOLVED cphulkd service is down

    Today I changed a couple of settings. I set `PermitRootLogin without-password` in my sshd_config I enabled 2 factor authentication I enabled SMTP Restrictions and finally as instructed by the Security Advisor page, I performed a graceful restart so some updated stuff can restart. Since making...
  19. M

    cPHulk - Email Individual cPanel Account When Attacks are Blocked?

    When CPHulk detects an attack, it sends an email to the root WHM user by default which is great. Is it possible to send the same notification to the cPanel account owner that is being attacked, if this account exists. Looking to raise awareness for cPanel account owners of the attacks that are...
  20. N

    SOLVED cPHulk with CSF?

    I want to make 2 questions: 1- Is good tactic to have both cPHulk and CSF enable? I setup csf to block SMTP, IMAP, POP3 attempts! So is good choice to have also cPHulk run? 2- If cPHulk blogs a bruteforce attack for an email is possible no one (include legitimate users) can't login to emails...