Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPHulk Ban Questions

Discussion in 'Security' started by workingl, Nov 15, 2016.

  1. workingl

    workingl Registered

    Nov 15, 2016
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Website Owner
    I've got over a hundred login attempts on some IP's - but I thought I got cphulk set up to limit how many attempts before ban...

    I have Maximum Failures per IP Address in cphulk set to defualt: 5
    Maximum Failures per IP Address before the IP Address is Blocked for One Day: 30

    Typical in my login_log file is to see way more than 30 or 5 of the same lines:

    [2016-11-11 15:41:55 +0000] info [cpsrvd] - [username] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user [username]) has locked out IP (2)

    If they've been locked out trying to brute force with the same IP and [username] why isn't cphulk banning the ip?
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello @workingl,

    cPHulk will only block the IP address at the firewall level when the following option is enabled under "One-Day Blocks" or "IP Address-based Protection":

    "Block IP addresses at the firewall level if they trigger brute force protection"

    Note this option is not available on Virtuozzo environments. Documentation on cPHulk Brute Force Protection is available at:

    cPHulk Brute Force Protection - Documentation - cPanel Documentation

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice