1. H

    Huge increase of Dovecot Brute Force

    Anyone else getting bruteforce notices against dovecot? I am up to about 1 per 3 minute. Its coming from a botnet, so no way for me to just block a single IP. There is only a minor mention of a timing vulnerability that i can find online. Is cPanel folks aware of this, or have any...
  2. K

    SOLVED Dovecot policy server HTTP error 9002 after cPanel upgrade

    Hello After upgrading cPanel to cPanel & WHM 64.0 (build 12) customers experience time outs connecting to mail server. In / var/log/messages I see multiple instances of Apr 18 11:25:17 SERVER_NAME dovecot: auth: Error: policy([email protected], xxx.xxx.xxx.xxx,<xxxxxx>): Policy server HTTP error...
  3. M

    cpHulk warnings/auto-block suspended accounts

    We have cpHulk enabled and have been having no problem till after last update. Before last update it was triggering warnings and/or auto-block only active accounts. But now it does even for suspended accounts. The waning message seems ti have also changed. Before last update the waning email...
  4. V

    cPHulk History Reports text does not reflect values from settings

    Guys, I need help, I am not sure if this is a software bug or my mistake in configuring cPHulk. I have set "10" in "Brute Force Protection Period" field in "Configuration Settings" page. But, cPHulk always tells "The system blocks users for 0 minutes." in "History Reports" > "Blocked Users"...
  5. C

    SOLVED Does cPHulk whitelisting deny customer access

    If I enable cPHulk whitelisting and add my own IP's to it, will it deny my customer's access, which do not come from my IP's? I have several customers that log on to cPanel independently. So does whitelisting effect to these connections. If not, to what exactly does whitelisting effect?
  6. T

    Brute Force Protection and commands

    I like to set the correct 1. Command to Run When an IP Address Triggers Brute Force Protection and 2. Command to Run When an IP Address Triggers a One-Day Block Need help what to place as the best practice.
  7. S

    Keep having to reset root password for SSH

    Periodically for some reason I am getting access denied when I try to SSH as root and I need to go into WHM to reset the root password to re-open access. How do I prevent this from happening?
  8. N

    cPHulk whitelist - add comment when whitelisting IP

    Hello, I would like to know if is it possible to add a comment through the following script: /scripts/cphulkdwhitelist <IP> Looking at the code, and looking at the documentation, this doesn't seem to be possible. If this is not possible at the moment, I would like to be able to login to...
  9. U

    cphulkd table marked as crashed and should be repaired

    Hello I still getting the following erros inclusive after run: mysqlcheck --repair cphulkd 170106 17:45:05 [ERROR] /usr/sbin/mysqld: Table './cphulkd/login_track' is marked as crashed and should be repaired 170106 17:45:05 [ERROR] /usr/sbin/mysqld: Table './cphulkd/login_track' is marked as...
  10. L

    SOLVED cPHulk Brute Force Protection - What are the Blacklist Options?

    Hello cPanel When someone tries a Brute Force Attack on my server I get an email to say they've been temporarily blocked, in accordance with my cPHulk settings. I'm given the 4 choices of permanently adding the IP address to a Whitelist/Blacklist? (Blacklist of course!!!) Block just the...
  11. C

    cpHulk auto-block non-existent accounts

    Hi All, I've had cpHulk running for a while now and also added some further protection using the script "update-ipsets" from FireHOL (I don't use the FireHOL product on this server, but the script works without issue). This combination has stopped a large amount of attacks on my system, but...
  12. Guribajwa

    cPHulk Failed Login Emails

    From some month i am getting emails for login failed. That all hacking is blocked by cPHulk but i thinks those are bot check block list down if you can help me please reply User IP Address Service Authentication Service Login Time Expiration Time Minutes Remaining admin system...
  13. A

    The socket is not setup in the Cpanel::Hulk object.

    Hello there; Who is the idea? Thank you. /var/log/maillog dovecot: auth: Error: The socket is not setup in the Cpanel::Hulk object. Do you need to call connect() first? at /usr/local/cpanel/Cpanel/Hulk.pm line 115. dovecot: auth: Error: #011Cpanel::Hulk::_error_with_stack_trace("The socket...
  14. sahostking

    SOLVED Using cPHulk and CSF Together?

    Decided to turn on CpHulk today as we just used CSF mainly and found cpHulk blocking some brute force attacks that CSF is not finding. Looks like it improved alot. Do you guys recommend we still stick with CSF and just find the cause or is using both better now? or just cphulk Lastly here is...
  15. S

    Failed Email Login Attempts Auto IP Block

    Hello Guys and Gals A repeated failed email login attempt by a user led to their IP being blocked by Cpanel. WHM is not installed and is basic Cpanel Setup. Where can one find this list of automated blocked Ips to remove the ip from the list or am I missing something. Take care
  16. W

    cPHulk Ban Questions

    I've got over a hundred login attempts on some IP's - but I thought I got cphulk set up to limit how many attempts before ban... I have Maximum Failures per IP Address in cphulk set to defualt: 5 Maximum Failures per IP Address before the IP Address is Blocked for One Day: 30 Typical in my...
  17. D

    cPHulk Brute Force Protection Confusion

    Hello, On the page link below i found the following statement: Notes: cPHulk does not consider multiple login attempts that use the same IP address, username, and password to be separate failures if they occur within the same six-hour period. last modified by Doc User on Oct 10, 2016...
  18. N

    Brute force not seeing the database

    Hi. I installed Mysql 5.6 and as a result my databases were deleted. I took a backup before I upgraded it. When I imported the backup the brute force couldn't connect with the database. Is there a configuration file or a way to connect the database with the brute force again? Thank you very much.
  19. M

    Blocking visitors from certain countries

    We are seeing increased brute force attacks. These attacks are coming from particular countries, for which we have no clients. We spend valuable time everyday having to blacklist these IPs. This is time wasted. To save time is it possible to block visitors/users from these countries once?
  20. Irwanto

    cPhulk blocked entire office

    i have enabled cphulk and found many failed attempt 1. could you add country IP and provider sender in history report. we are use ID indonesia country, if there are different country is suspicious 2. add button "add to blocked" and "add to whitelist" beside IP to easy add. 3. could you add some...