cphulk

Hey all, I am having an issue where all FTP connections are timing out. I am working remotely and cannot upload any files. Server is using Pure FTP as the FTP service. I am also running ConfigServer Firewall plugin. But I think all settings in there should be fine. All TCP_IN ports are open...

v110 cPHulk is showing 193.42.32.228 as US, but it is actually Netherlands. Is there a way to force an update?

Almalinux 8.8.0 standard kvm Cpanel 112.0.7 I see high cpu user for: /usr/sbin/nft --json list ruleset cPHulk has lots of records for One-day Blocks Narrowed it down to cPHulk database issues, hope someone can explain. [root@buy ~]# /usr/local/cpanel/3rdparty/bin/sqlite3...

Hello, I hope you are doing well. Since many days i am facing some issues with cphulk. Lets suppose I have added some countries in blacklist so nobody should be able to login from that countries. But websites are also not accessible from that country. Another issue i found is i have...

I've randomly stumbled upon my server's IP in cpHulk History Reports yesterday. So, my server is basically trying to bruteforce its way into one of its own cPanel accounts, it seems. After a quick find in all PHP files, I found that a cPanel account was trying to do just that by using curl to...

We have a customer that's been automatically FTPing a webcam file (that shows the local surf conditions) from IP 1.2.3.4 to 10.11.12.13 every 5 minutes for years. Suddenly, they started getting this: Error message: "connection failed check username and password" We use cPHulk, CSF/LFD, CXS...

Hi, I am a newbie to cPHulk and need some help with the settings. I have enabled it on VPS Please can someone explain in very simple terms (I do not understand exaclty the cpanel documentation on this) the difference between: Apply protection to local addresses only and Apply protection to...

Hi Guys, Is there any command line on how I can remove the IP address in the Whitelist of cPHulk https://docs.cpanel.net/knowledge-base/security/cphulk-management-on-the-command-line/#whitelist-an-ip-address I can only see the Add command "/usr/local/cpanel/scripts/cphulkdwhitelist 192.0.2.0"...

Hello, I have a strange security issue. I have deactivated sshd service but cpHulk gave security me this message: A device at the “139.59.26.69” IP address has made a large number of invalid login attempts against the account “root”. This brute force attempt has exceeded the maximum number of...

In CSF, Questions: 1. what gets processed first - permit lists or block lists? 2. What about permitted ports defined in the "General Configuration -> IPv4 Port Settings" versus the IP permit/block lists - what comes first? 3. I presume a more specific block (x.x.x.x/32) overrides a more...

Hello I know this is just an Edge Version cPanel & WHM v105.9999.82 but it seems when you add an IP then add the same IP again it just says it added it to the list. but it should flag it as already listed the other new thing is the # comments so if you add IP 10.10.10.10 # add your comment here...

hi, I was wondering about these settings Warning: The command must complete within 15 seconds to avoid a timeout. The following variables may be used in commands: %exptime% - The Unix time when brute force protection will release the block %max_allowed_failures% - Maximum allowed failures to...

just trying to clarify if this is only 1 country we need to turn off then on again or each country I'm assuming its just one but doesn't hurt to ask to make sure? Steven Sublett 20 days ago Updated Unfollow Symptoms cPhulk sends a notification about IPs attempting to log in which are...

We have country blocking enabled on our servers using CPHulk for countries we know our clients would never login from. Over the last several days we have seen many IMAP failed login attempts from countries that we have blocked. We see this throughout multiple servers we have running WHM and...

How do I export a list of all the IPs from History Reports section of cpHulk? I've got tens of thousands of failed logins / IPs listed in there from all kinds of random countries (obvious brute force login attempts), and going page by page and copying those IPs would take, oh, I dunno, a month...

My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE: pure-ftpd: ([email protected]) [INFO] New connection from 154.89.5.82 pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions...

Buenas, actualmente tenemos un servidor dedicado únicamente para cPanel con las siguientes características: 1 TB de almacenamiento 12 GB Ram 8 nucleos CPU Nuestro servidor mantiene principalmente servicios de correo, paginas web, hechas con WordPress y prestashop en su mayoría, y lo que...

Hi, by mistake i Backlisted all Countries into cPHulk Brute Force Protection , even ssh is disabled into whm dedicated server. now all login not working. Only a old vps ip is whitelisted into dedicated server how i able to access whm again. i able to gone into rescue mode and mont drive...

Hi! Why does cPHulk block the email login if the password is correct in case of attack? How can this be avoided?

A customer got blocked by CPhulk due to excessive login attempts (pw on email wrong) I have now whitelisted his static IP in both CPHulk and CSF, cleared the blocked IP, checked IP tables and restarted cphulk and dovecot However he is still blocked - emails, domains, cant access the server at...