How to Enable/Disable cPHulk Brute Force Protection on cPanel Server
How to Enable/Disable cPHulk Brute Force Protection on cPanel Server
cPHulk Brute Force Protection is security feature on cPanel servers to protect from bruteforce attacks. Bruteforce attacks will try to crack your server password and cPHulk Brute Force Protection will block the IP addresses that are constantly attacking your server.
Steps to Enable cPHulk Brute Force Protection
1. Log in to WHM using server root password
You must have server root access to enable/disable this feature. Server root password will be provided by your webhosting company/Datacenter
URL to access WHm : https://YourServerIP:2087
2. Search for “cPHulk Brute Force Protection” in “Security Center”
3. Click on “cPHulk Brute Force Protection” under “Security Center”
Home » Security Center » cPHulk Brute Force Protection
4. Here you can see the current status of “cPHulk Brute Force Protection”
On the above server cPHulk Brute Force Protection feature is disabled.
Move toggle to On to Enable bruteforce protection.
Move the toggle to OFF to Disable cphulk brute force protection.
There is no use enabling cPhulk bruteforce protection if your root password is weak. You must set a strong root password for your server.
cPhulk security feature is enabled, don’t forget to add your ISP IP address in the cPhulk whitelist.
Steps to Disable cPhulk from Server backend (Command Line)
Do the below steps to disable cPhulk bruteforce protection from server
1. Log into server via SSH as ‘root’
2. Run the below command to Turn off bruteforce protection temporarily
/usr/local/cpanel/etc/init/stopcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl –disable
run the below command to check whether cPhulkd is disabled.
[root@server /]# ps aux | grep -i cphulk
3. Follow the below steps to disable cPhulkd process permanently
Above steps will temporarily stop cPhulkd process. cPhulkd process will get started if you restart cPanel service.
Example :
[root@server /]# ps aux | grep -i cphulk
root 28161 0.0 0.9 37524 9940 ? S 20:30 0:00 cPhulkd – processor – dormant mode – acce –start
cphulkd process is running on the above server.
kill -9 [processID] command will temporarily kill cphulkd process and it will get started when you restart cPanel Service.
Remove the below file to disable cphulkd protection permanently
[root@server /]# rm -f /var/cpanel/hulkd/enabled
[root@server /]#
How to Start, Stop and Restart cPhulkd bruteforce Protection on a cPanel/WHM server
You must have server root access to restart the cPhulkd process. There is a cPanel script to start, stop and restart the cPhulkd process.
1. Log into server via SSH as ‘root’
2. Run the below command to start cPhulkd
Command : /scripts/restartsrv_cphulkd –start
3. Run the below command to stop cPhulkd
Command : /scripts/restartsrv_cphulkd –stop
4. The below command will restart cPhulkd process
Command : /scripts/restartsrv_cphulkd
You can also use the below commands to start and stop cPhuld process.
Command to start : /usr/local/cpanel/etc/init/startcphulkd
Example :
[root@server /]# /usr/local/cpanel/etc/init/startcphulkd
Waiting for “cphulkd” to start ……waiting for “cphulkd” to initialize ………finished.
Startup Log
Starting PID 29487: cPhulkd – processor – dormant mode – accepting connections
cphulkd started successfully.
Command to stop cPhuld process : /usr/local/cpanel/etc/init/stopcphulkd
Example :
[root@server /]# /usr/local/cpanel/etc/init/stopcphulkd
Waiting for “cphulkd” to stop ………finished.
Startup Log
Starting PID 29487: cPhulkd – processor – dormant mode – accepting connections
cphulkd stopped successfully.
Type the below command to make sure cPhuld process is running.
Command : ps aux | grep -i cphulk
How to whitelist/blacklist an IP address in cphulkd
I. Steps to whitelist/blacklist an IP address in cPhulk brute force protection from server backend
1. Log into cPanel server via SSH as ‘root’ user
2. Command to whitelist an IP in cphulkd : /scripts/cphulkdwhitelist
3. Command to blacklist an IP in cphulkd : /scripts/cphulkdblacklist
root@server ~]# /scripts/cphulkdwhitelist 190.168.2.5
190.168.2.5 has been whitelisted
[root@server ~]# /scripts/cphulkdblacklist 190.168.2.5
190.168.2.5 has been blacklisted
[root@server ~]#