Brand new install, CPHulk links broken


May 1, 2015
cPanel Access Level
Root Administrator
Just installed CPanel/WHM on a brand new server, and have already encountered a problem: in CPHulk EMail notifications, the links to blacklist or whitelist IPs/ranges do not work. More specifically, the links work in that they take you to the in page, which a loads - but it's impossible to actually login via that page. So the links work, but not as they're supposed to.

After entering the password & clicking the "Proceed..." button, I'm just getting an endless loop - it sends me back to the same page, with the same unhelpful error message:

HTTP error 401
Invalid Security Token

I've checked on another CPanel server that I manage - it appears to be broken in the same way (the same vague error message about an "Invalid Security Token,") but the login actually works on that server.

This is a brand new server, running the current release version of CPanel/WHM (88.0.5) - and the only configuration that I've done with CPHulk so far was to enable it, and copy some settings from another server where the CPHulk links do work correctly. Which all indicates that is issue is due to some kind of glitch/error in CPanel. Please advise when it will be fixed, or at least the steps to work around it.


Product Owner II
Staff member
Nov 14, 2017

I don't see a broken link here what I do see is the following error:

HTTP error 401
Invalid Security Token
The requested URL does not contain your session’s correct security token.

You may have reached this error by copying and pasting a URL from a different cPanel, WHM, or Webmail session into your browser’s address bar. To resolve this situation, please take one of the following steps:

  • Go back one page and reload the URL, making sure that the /cpsess … / section of the URL remains the same.
  • Re-enter your account’s password below. This will assign your session a new security token. This new token will prevent you from using other pages of this application that may be open in other tabs.
Request information
Requested page: scripts7/cphulk/whitelist
Parameter nameParameter value

Which is to be expected as the URL provided in the email not only would not have a current cpsession ID but also SHOULDN'T have one for security reasons. This way it forces you to enter your password. Once the password is entered I found no issues with logging in. This is absolutely the intended behavior for this.

For the server where you're not able to proceed when entering a valid root password what is output in the error logs for this at /usr/local/cpanel/logs/error_log