cphulk keeps preventing me from accessing the server

This is a maddening problem. Since cphulk can lock out an account, attackers love it because it's a built-in way to DOS the server. They just keep hammering away at the root account, which constantly re-locks it. As stated by the cPanel staff above, you can set that value to some arbitrarily high number, but odds are it will be reached quickly anyway.

Since this also prevents wheel accounts from su'ing into root and prevents root logins from the console, it's an extremely effective way to kill a server. The only way back in is to reboot into single user mode, rip cphulk out by its roots (a VERY satisfying experience). Unfortunately that's not always possible (Xen VPS, for example). The end result is that with a handful of IPs, a bored script kiddy can turn cPanel's built-in security against it and lock out the root account indefinitely.

Insane.

 

ARGH! This is getting absolutely ridiculous now! I haven't been able to get any work done all day because I can't get into my own server!

How hard can it be to add an option to just disable blocking by username?! I actually tried setting that value to 0 when I finally got back in after having this issue a couple of weeks ago (I couldn't find it documented anywhere what this would do, so all I could do was try it)... but instead of disabling it as I'd hoped, it instantly locked me out completely! I only managed to get back in and change the setting back by remotely accessing a computer somewhere else which did have a static IP which I had previously whitelisted, but unfortunately this is no longer available.

Or allow attempts from certain countries to be blocked immediately without counting against limits... it already shows the country on all the emails I'm getting every couple of minutes (and none of the attempts are ever from here), so surely that can't be difficult to implement when it already fetches that information each time?

Or allow the root username to be changed so that they can't just go straight for it.

Or... and I know this might seem like a crazy idea if you can't even do any of the above, but how about allowing a dynamic DNS hostname to be entered in the whitelist, which is resolved to its actual IP address every so often? Even if it's a separate field with only a single entry rather than being able to enter these directly into the whitelist, it would still be a huge help.

But no... none of these things are actually possible in this control panel which I'm paying £19 every month for, even though people have been having this issue for years! Not everyone has a static IP, it's really about time you guys realised that and implemented SOME sort of solution for this!

 

we just disable cphulk and use LFD/CSF it basically does the same thing without locking accounts
cphulk is annoying

 

It's nice to see IP blocking in the changes.

Is there an option to never block on username alone, or to never lock out root? The number one problem for years with cPhulk is locking out legitimate administrators. I see numerous tickets for this on a daily basis, many times people assume they've been hacked and their root PW changed.

 

We do the same every chance we get. Sometimes however customers enable it, and within a day their server is "hacked" because root can't login.

Thanks for the link to the feature request.