Using the CPHulk brute force protection firewall

  Print

Using the CPHulk brute force protection firewall


CPHulk is the inbuilt protection in cPanel to prevent a server falling victim to brute force login attempts. To understand why CPHulk can block you, you need to know what a brute force attack is.

Brute Force Attacks

Simply put, a brute force is a password guessing technique that consists of trying to login with a user name and password over and over, changing either the username and/or the password if not successful. Given enough time even a moderately secure, random character password can fall victim to this as some attackers will try every combination they can if given the chance. CPHulk will detect and block these attacks by checking for failed login attempts. This can affect you if the failed logins are originating from your internet connection. The steps below will guide you on how to unblock yourself depending on the access you have.

For more control over ports and allowed IPs, you can also use the CSF firewall tool as described in this guide.

Unblocking in WHM

If you still have access to WHM, you can unblock an IP address using the steps below.

Step 1 - Log into WHM and navigate to cPHulk Brute Force Protection.

d0fe8855529dd3d64a63dc44b58ad3bcdf746137?t=d3c5a9f97188fa56e5e422f2f99d5a2f


Step 2 - Click on the Blacklist Management tab, find your IP in the list, and then select Delete.

7b0587011a09fd68d8433a9b7393dc823bb67d3a?t=b24e95806a8920714fcb4567de5ae587



You can also Whitelist your IP in the Whitelist Management tab, by adding your IP and clicking Add. This will ensure that it is not blocked in CPHulk again. We would only recommend Whitelisting trusted, static IPs.

2da295e3c656d66a77ff40292147d73e3f9fb888?t=c2ca63997a89892ed33cbb622b8435ae

Unblocking in Console
If you are blocked from WHM, you can unblock an IP address using the steps below.

Step 1 - Login via SSH.

Step 2 - Run the following commands:
  • mysql -u root
  • use cphulkd;
  • SELECT * FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
  • DELETE FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
  • exit;


Did you find this article useful?  

Related Articles

© Crucial