What is CPHulk and why is it blocking me from my server?

To make it easier to get in touch with us, from the 24th of March 2016 all support tickets will need to be submitted from your Crucial Control Panel.

CPHulk is the inbuilt protection in cPanel to prevent a server falling victim to brute force login attempts. To understand why CPHulk can block you, you need to know what a brute force attack is.

Brute Force Attacks

Simply put a brute force is a password guessing technique that consists of trying to login with a user name and password over and over, changing either the username and/or the password if not successful.

Given enough time even a moderately secure, random character password can fall victim to this as some attackers will try every combination they can if given the chance.

CPHulk will detect and block these attacks by checking for failed login attempts. This can affect you if the failed logins are originating from your internet connection. The steps below will guide you on how to unblock yourself depending on the access you have.

Unblocking in WHM

If you still have access to WHM, you can unblock an IP address using the steps below.

  1. Login to WHM

  2. Search for 'cphulk'

  3. Click on the blue 'Flush DB' button

You can also Whitelist your IP in the 'White/Black List Management' tab, by adding you IP and clicking 'Quick Add'.

In addition to seeing current attempts and blocks in the 'Login/Brute History Report' tab.

Unblocking in Console

If you are blocked from WHM, you can unblock an IP address using the steps below.

  1. Login via SSH
  2. Run the following commands
    1. mysql -u root
    2. use cphulkd;
    3. SELECT * FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
    4. DELETE FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
    5. exit;

Please Note: If you are still having issues logging in, submit a request with tech support.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk