cPHulk notification email links don't work

Bloke2

Well-Known Member
Feb 4, 2015
81
4
58
cPanel Access Level
Root Administrator
I get email notifications "Excessive Number of Failed Login Attempts from IP ..." When I click on the link in the email URL to add them to the black list it says it can't find the server. What do i need to change?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
I get email notifications "Excessive Number of Failed Login Attempts from IP ..." When I click on the link in the email URL to add them to the black list it says it can't find the server. What do i need to change?
Hello :)

Could you let us know which version of cPanel is installed on your system? EX:

Code:
cat /usr/local/cpanel/version
Thank you.
 

Bloke2

Well-Known Member
Feb 4, 2015
81
4
58
cPanel Access Level
Root Administrator
11.48.0 (build 12) Maybe it has something to do with the firewall. What I have had to do was go to the link and copy the ip address and paste it in CPHulk.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
The issue you have described should have been addressed with internal case number 160929 in cPanel version 11.48.0.11. Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
You don't have to be a direct customer to open a support ticket. You simply need root access to your server.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
I am happy to see you were able to determine the cause of the issue. Thank you for updating us with the outcome.
 

Bloke2

Well-Known Member
Feb 4, 2015
81
4
58
cPanel Access Level
Root Administrator
Is there anyway to set it up so these ip addresses get added automatically? Since I got the new server set up I get about 3 emails a day with ip addresses to add to the blacklist.

Is this a normal about of "Excessive Number of Failed Login Attempts" emails?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
You can see all of the configuration options for cPhulk at:

"WHM Home » Security Center » cPHulk Brute Force Protection"

You only have to add the IP address to the blacklist if you want to block it permanently.

Thank you.
 

Bloke2

Well-Known Member
Feb 4, 2015
81
4
58
cPanel Access Level
Root Administrator
Ok so from what I can tell it won't add then automatically. So is there any harm if I don't add them to the blacklist? Is about 3 emails a day, is this a normal amount of email notifications?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
There's no normal amount of emails, as it just depends on how often brute force attempts are made on your server. You don't have to add those IP addresses to the blacklist unless you notice those same IP addresses continue to make brute force attempts.

Thank you.
 

Bloke2

Well-Known Member
Feb 4, 2015
81
4
58
cPanel Access Level
Root Administrator
Thanks. Just trying to be extra cautious. When I get the email it has three links. One is single IP, then /24 and /16 what should I enter? I was putting all three.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Thanks. Just trying to be extra cautious. When I get the email it has three links. One is single IP, then /24 and /16 what should I enter? I was putting all three.
Those are provided in-case you want to block more than just the individual IP address:

CIDR Notation

Thank you.