cphulk

I've randomly stumbled upon my server's IP in cpHulk History Reports yesterday. So, my server is basically trying to bruteforce its way into one of its own cPanel accounts, it seems. After a quick find in all PHP files, I found that a cPanel account was trying to do just that by using curl to...

We have a customer that's been automatically FTPing a webcam file (that shows the local surf conditions) from IP 1.2.3.4 to 10.11.12.13 every 5 minutes for years. Suddenly, they started getting this: Error message: "connection failed check username and password" We use cPHulk, CSF/LFD, CXS...

Hi, I am a newbie to cPHulk and need some help with the settings. I have enabled it on VPS Please can someone explain in very simple terms (I do not understand exaclty the cpanel documentation on this) the difference between: Apply protection to local addresses only and Apply protection to...

Hi Guys, Is there any command line on how I can remove the IP address in the Whitelist of cPHulk https://docs.cpanel.net/knowledge-base/security/cphulk-management-on-the-command-line/#whitelist-an-ip-address I can only see the Add command "/usr/local/cpanel/scripts/cphulkdwhitelist 192.0.2.0"...

Hello, I have a strange security issue. I have deactivated sshd service but cpHulk gave security me this message: A device at the “139.59.26.69” IP address has made a large number of invalid login attempts against the account “root”. This brute force attempt has exceeded the maximum number of...

In CSF, Questions: 1. what gets processed first - permit lists or block lists? 2. What about permitted ports defined in the "General Configuration -> IPv4 Port Settings" versus the IP permit/block lists - what comes first? 3. I presume a more specific block (x.x.x.x/32) overrides a more...

Hello I know this is just an Edge Version cPanel & WHM v105.9999.82 but it seems when you add an IP then add the same IP again it just says it added it to the list. but it should flag it as already listed the other new thing is the # comments so if you add IP 10.10.10.10 # add your comment here...

hi, I was wondering about these settings Warning: The command must complete within 15 seconds to avoid a timeout. The following variables may be used in commands: %exptime% - The Unix time when brute force protection will release the block %max_allowed_failures% - Maximum allowed failures to...

just trying to clarify if this is only 1 country we need to turn off then on again or each country I'm assuming its just one but doesn't hurt to ask to make sure? Steven Sublett 20 days ago Updated Unfollow Symptoms cPhulk sends a notification about IPs attempting to log in which are...

We have country blocking enabled on our servers using CPHulk for countries we know our clients would never login from. Over the last several days we have seen many IMAP failed login attempts from countries that we have blocked. We see this throughout multiple servers we have running WHM and...

How do I export a list of all the IPs from History Reports section of cpHulk? I've got tens of thousands of failed logins / IPs listed in there from all kinds of random countries (obvious brute force login attempts), and going page by page and copying those IPs would take, oh, I dunno, a month...

My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE: pure-ftpd: ([email protected]) [INFO] New connection from 154.89.5.82 pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions...

Buenas, actualmente tenemos un servidor dedicado únicamente para cPanel con las siguientes características: 1 TB de almacenamiento 12 GB Ram 8 nucleos CPU Nuestro servidor mantiene principalmente servicios de correo, paginas web, hechas con WordPress y prestashop en su mayoría, y lo que...

Hi, by mistake i Backlisted all Countries into cPHulk Brute Force Protection , even ssh is disabled into whm dedicated server. now all login not working. Only a old vps ip is whitelisted into dedicated server how i able to access whm again. i able to gone into rescue mode and mont drive...

Hi! Why does cPHulk block the email login if the password is correct in case of attack? How can this be avoided?

A customer got blocked by CPhulk due to excessive login attempts (pw on email wrong) I have now whitelisted his static IP in both CPHulk and CSF, cleared the blocked IP, checked IP tables and restarted cphulk and dovecot However he is still blocked - emails, domains, cant access the server at...

Hello and wishing everyone health. I've been reviewing my cpanel cPHulk history and see frequent repeating entries at specific time periods with a correct username but with an incorrect, mangled domain name and a rip ip address that is my correct server domain ip address. Example...

Hi guys it seems that cPHulk Brute Force Blacklist has a limit of only 200 IP addresses. Is there a way of increasing the blacklist limit?

Hi, I get daily calls about CSF and CPHulk and now I want to automate reading and removing entries. CSF is well supported via the command line. CPHulk not it seems? Reference documentation for CPHulk: cPHulk Management on the Command Line | cPanel & WHM Documentation I need to read the...

We are getting many SMTP brute force attacks which causes load on our servers. Now we use many firewall besides not only a hardware firewall infront of servers but also bitninja / CSF. However it does not seem to be working too well as they still get through with distributed attacks to those...