cPHulk is a security service in cPanel & WHM designed to protect servers from brute force attacks. These attacks involve systematically guessing different password combinations until the correct one is found.
This service operates by blacklisting specific IP addresses. Instead of showing a direct message when an IP is blocked, cPanel & WHM will simply display an error indicating that the login credentials are invalid.
cPHulk monitors various services, including WHM/cPanel, POP3/IMAP/SMTP logins (for mail clients and Webmail), SSH, and FTP/SFTP.
It can automatically block IP addresses that have made too many failed login attempts or are suspected of password guessing.
The blockings can be temporary, one-day, or permanent, depending on the cPHulk configuration.
Ensure that cPHulk is enabled to use its protection features.
cPHulk settings
In this section, you can adjust the service settings to meet your needs. Options available for configuration include Username-based Protection, IP Address-based Protection, One-Day Blocks, and Login History.
Whitelist/Blacklist management
In this section, you can manually blacklist specific IP addresses or remove those that were automatically added. You can also whitelist particular IPs, such as your local IP, to ensure they are never blacklisted by cPHulk.
cPHulk logs
In this section, you can review failed login attempts, blocked users, IP addresses, and any one-day blocks.
