cphulk

  1. S

    SOLVED FTP Connections blocked unless IP added to CPHulk Whitelist

    Hey all, I am having an issue where all FTP connections are timing out. I am working remotely and cannot upload any files. Server is using Pure FTP as the FTP service. I am also running ConfigServer Firewall plugin. But I think all settings in there should be fine. All TCP_IN ports are open...
  2. J

    cPHulk inaccurate country IP matching

    v110 cPHulk is showing 193.42.32.228 as US, but it is actually Netherlands. Is there a way to force an update?
  3. J

    In Progress CPANEL-43160 - cPHulk database issues leading to high cpu user for /usr/sbin/nft --json list ruleset

    Almalinux 8.8.0 standard kvm Cpanel 112.0.7 I see high cpu user for: /usr/sbin/nft --json list ruleset cPHulk has lots of records for One-day Blocks Narrowed it down to cPHulk database issues, hope someone can explain. [root@buy ~]# /usr/local/cpanel/3rdparty/bin/sqlite3...
  4. E

    CPhulk Issues

    Hello, I hope you are doing well. Since many days i am facing some issues with cphulk. Lets suppose I have added some countries in blacklist so nobody should be able to login from that countries. But websites are also not accessible from that country. Another issue i found is i have...
  5. B

    Server's own IP in cpHulk reporting system cpaneld auth failure?

    I've randomly stumbled upon my server's IP in cpHulk History Reports yesterday. So, my server is basically trying to bruteforce its way into one of its own cPanel accounts, it seems. After a quick find in all PHP files, I found that a cPanel account was trying to do just that by using curl to...
  6. J

    IP blocked in firewall won't unblock

    We have a customer that's been automatically FTPing a webcam file (that shows the local surf conditions) from IP 1.2.3.4 to 10.11.12.13 every 5 minutes for years. Suddenly, they started getting this: Error message: "connection failed check username and password" We use cPHulk, CSF/LFD, CXS...
  7. F

    cPHulk help newbie Apply protection to local and remote addresses

    Hi, I am a newbie to cPHulk and need some help with the settings. I have enabled it on VPS Please can someone explain in very simple terms (I do not understand exaclty the cpanel documentation on this) the difference between: Apply protection to local addresses only and Apply protection to...
  8. E

    SOLVED Remove IP Address from cPHulk Whitelist via cli/terminal?

    Hi Guys, Is there any command line on how I can remove the IP address in the Whitelist of cPHulk https://docs.cpanel.net/knowledge-base/security/cphulk-management-on-the-command-line/#whitelist-an-ip-address I can only see the Add command "/usr/local/cpanel/scripts/cphulkdwhitelist 192.0.2.0"...
  9. T

    cpHulk security warning on deactived sshd service.

    Hello, I have a strange security issue. I have deactivated sshd service but cpHulk gave security me this message: A device at the “139.59.26.69” IP address has made a large number of invalid login attempts against the account “root”. This brute force attempt has exceeded the maximum number of...
  10. R

    CSF processing order of permit/deny lists?

    In CSF, Questions: 1. what gets processed first - permit lists or block lists? 2. What about permitted ports defined in the "General Configuration -> IPv4 Port Settings" versus the IP permit/block lists - what comes first? 3. I presume a more specific block (x.x.x.x/32) overrides a more...
  11. Spirogg

    In Progress CPANEL-41073 - new update in cPHulk adding IP's to white list or Blacklist does not flag already listed IP's?

    Hello I know this is just an Edge Version cPanel & WHM v105.9999.82 but it seems when you add an IP then add the same IP again it just says it added it to the list. but it should flag it as already listed the other new thing is the # comments so if you add IP 10.10.10.10 # add your comment here...
  12. Spirogg

    WHM cPHulk configuration

    hi, I was wondering about these settings Warning: The command must complete within 15 seconds to avoid a timeout. The following variables may be used in commands: %exptime% - The Unix time when brute force protection will release the block %max_allowed_failures% - Maximum allowed failures to...
  13. Spirogg

    Question about: cPhulk contains outdated country code IP lists after applying a major version updates to cPanel

    just trying to clarify if this is only 1 country we need to turn off then on again or each country I'm assuming its just one but doesn't hurt to ask to make sure? Steven Sublett 20 days ago Updated Unfollow Symptoms cPhulk sends a notification about IPs attempting to log in which are...
  14. A

    CPHulk country block not working

    We have country blocking enabled on our servers using CPHulk for countries we know our clients would never login from. Over the last several days we have seen many IMAP failed login attempts from countries that we have blocked. We see this throughout multiple servers we have running WHM and...
  15. C

    How to export all failed IPs from cpHulk into txt/csv?

    How do I export a list of all the IPs from History Reports section of cpHulk? I've got tens of thousands of failed logins / IPs listed in there from all kinds of random countries (obvious brute force login attempts), and going page by page and copying those IPs would take, oh, I dunno, a month...
  16. S

    Cphulk - not blocking "[WARNING] Sorry, cleartext sessions and weak ciphers" IPs

    My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE: pure-ftpd: ([email protected]) [INFO] New connection from 154.89.5.82 pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions...
  17. I

    Configuración optima de procesos cPanel

    Buenas, actualmente tenemos un servidor dedicado únicamente para cPanel con las siguientes características: 1 TB de almacenamiento 12 GB Ram 8 nucleos CPU Nuestro servidor mantiene principalmente servicios de correo, paginas web, hechas con WordPress y prestashop en su mayoría, y lo que...
  18. E

    Backlisted all Countries into cPHulk Brute Force Protection now blocked

    Hi, by mistake i Backlisted all Countries into cPHulk Brute Force Protection , even ssh is disabled into whm dedicated server. now all login not working. Only a old vps ip is whitelisted into dedicated server how i able to access whm again. i able to gone into rescue mode and mont drive...
  19. K

    cPHulk block login email

    Hi! Why does cPHulk block the email login if the password is correct in case of attack? How can this be avoided?
  20. C

    CPHulk Blocked

    A customer got blocked by CPhulk due to excessive login attempts (pw on email wrong) I have now whitelisted his static IP in both CPHulk and CSF, cleared the blocked IP, checked IP tables and restarted cphulk and dovecot However he is still blocked - emails, domains, cant access the server at...