How to Enable/Disable cPHulk Brute Force Protection on cPanel Server

How to Enable/Disable cPHulk Brute Force Protection on cPanel Server


 
cPHulk Brute Force Protection is security feature on cPanel servers to protect from bruteforce attacks. Bruteforce attacks will try to crack your server password and cPHulk Brute Force Protection will block the IP addresses that are constantly attacking your server.
 


Steps to Enable cPHulk Brute Force Protection

1. Log in to WHM using server root password

You must have server root access to enable/disable this feature. Server root password will be provided by your webhosting company/Datacenter

URL to access WHm : https://YourServerIP:2087

2. Search for “cPHulk Brute Force Protection” in “Security Center”

 
cPAnel bruteforce protection
 
3. Click on “cPHulk Brute Force Protection” under “Security Center”

Home » Security Center » cPHulk Brute Force Protection
 
mitigate bruteforce
 
4. Here you can see the current status of “cPHulk Brute Force Protection”
 
Enable brute force protection
 
On the above server cPHulk Brute Force Protection feature is disabled.

Move toggle to On to Enable bruteforce protection.
 
Disable brute force attack protection
 
Move the toggle to OFF to Disable cphulk brute force protection.

There is no use enabling cPhulk bruteforce protection if your root password is weak. You must set a strong root password for your server.

cPhulk security feature is enabled, don’t forget to add your ISP IP address in the cPhulk whitelist.
 


Steps to Disable cPhulk from Server backend (Command Line)

Do the below steps to disable cPhulk bruteforce protection from server

1. Log into server via SSH as ‘root’

2. Run the below command to Turn off bruteforce protection temporarily

/usr/local/cpanel/etc/init/stopcphulkd

/usr/local/cpanel/bin/cphulk_pam_ctl –disable
 
Turn off cphulkd
 
run the below command to check whether cPhulkd is disabled.

[root@server /]# ps aux | grep -i cphulk

3. Follow the below steps to disable cPhulkd process permanently

Above steps will temporarily stop cPhulkd process. cPhulkd process will get started if you restart cPanel service.

Example :

[root@server /]# ps aux | grep -i cphulk
root 28161 0.0 0.9 37524 9940 ? S 20:30 0:00 cPhulkd – processor – dormant mode – acce –start

cphulkd process is running on the above server.

kill -9 [processID] command will temporarily kill cphulkd process and it will get started when you restart cPanel Service.

Remove the below file to disable cphulkd protection permanently

[root@server /]# rm -f /var/cpanel/hulkd/enabled
[root@server /]#
 

How to Start, Stop and Restart cPhulkd bruteforce Protection on a cPanel/WHM server


 
You must have server root access to restart the cPhulkd process. There is a cPanel script to start, stop and restart the cPhulkd process.

1. Log into server via SSH as ‘root’

2. Run the below command to start cPhulkd

Command : /scripts/restartsrv_cphulkd –start
 
Start brute force protection
 
3. Run the below command to stop cPhulkd

Command : /scripts/restartsrv_cphulkd –stop
 
Stop Cphulkd Protection
 
4. The below command will restart cPhulkd process

Command : /scripts/restartsrv_cphulkd
 
Restart cPhulkd Service
 


You can also use the below commands to start and stop cPhuld process.

Command to start : /usr/local/cpanel/etc/init/startcphulkd

Example :

[root@server /]# /usr/local/cpanel/etc/init/startcphulkd
Waiting for “cphulkd” to start ……waiting for “cphulkd” to initialize ………finished.

Startup Log
Starting PID 29487: cPhulkd – processor – dormant mode – accepting connections

cphulkd started successfully.


Command to stop cPhuld process : /usr/local/cpanel/etc/init/stopcphulkd

Example :

[root@server /]# /usr/local/cpanel/etc/init/stopcphulkd
Waiting for “cphulkd” to stop ………finished.

Startup Log
Starting PID 29487: cPhulkd – processor – dormant mode – accepting connections

cphulkd stopped successfully.


Type the below command to make sure cPhuld process is running.

Command : ps aux | grep -i cphulk
 
cphulkd process
 

How to whitelist/blacklist an IP address in cphulkd


I. Steps to whitelist/blacklist an IP address in cPhulk brute force protection from server backend

1. Log into cPanel server via SSH as ‘root’ user

2. Command to whitelist an IP in cphulkd : /scripts/cphulkdwhitelist

3. Command to blacklist an IP in cphulkd : /scripts/cphulkdblacklist

root@server ~]# /scripts/cphulkdwhitelist 190.168.2.5
190.168.2.5 has been whitelisted

[root@server ~]# /scripts/cphulkdblacklist 190.168.2.5
190.168.2.5 has been blacklisted
[root@server ~]#