We can enable\/disable cPhulk via WHM and command line.<\/p>\n\n\n\n
1] Steps to enable cPHulk via WHM<\/strong><\/p>\n\n\n\n Enabling cPHulk is pretty easy. Simply log into your WHM control panel<\/a> as root. From the main menu on the left, click on Security Center<\/strong> from the Security section. When youre done, simply click on the Enable<\/strong> button at the top.<\/p>\n\n\n\n Click on the cPHulk Brute Force Detection<\/strong> link at the top of the page. Now you may want to configure cPHulk before you enable it. The configuration parameters are pretty much self-explanatory. Basically you set the number of failed attempts before an IP or an account is blocked and you set how long you want it to be blocked.<\/p>\n\n\n\n >> Login to WHM.<\/p>\n\n\n\n >> Navigate to Home -> Security Center -> cPHulk Brute Force Protection.<\/p>\n\n\n\n >> Click the toggle ON\/OFF option to enable or disable the cPHulk.<\/p>\n\n\n\n <\/p>\n\n\n\n Configuration settings<\/strong><\/p>\n\n\n\n We can configure cPHulk settings in WHM as per the image below. We can change limits of failed login attempts and temporary blocks duration using this tab.<\/p>\n\n\n\n <\/p>\n\n\n\n Whitelist Management<\/strong><\/p>\n\n\n\n We can also whitelist an IP address from cPHulk interface. The whitelist specified IP address for which cPHulk always allows login to our server.We can enter the IP address in the New Whitelist Records field and click the Add button. We can add desired comments in the comment text box. These comments will help you for quick reference. When clicking on the whitelist management tab you will get a screen that looks like the picture below.<\/p>\n\n\n\n <\/p>\n\n\n\n Blacklist Management<\/strong><\/p>\n\n\n\n Blacklist management is opposite of the whitelist tab. This tab help you to block specific IP address and ranges.If you found repeated failed attempts to login your server from an unauthorized IP address you can add it to your blacklist to prevent any future attempts.<\/p>\n\n\n\n We can remove the blocked IP address by clicking the Delete button to the right of the IP address<\/p>\n\n\n\n <\/p>\n\n\n\n History Reports<\/strong><\/p>\n\n\n\n The History Reports tab shows all the failed attempts to access our server. We can clear the log details using this tab and it will release any current lock outs.<\/p>\n\n\n\n <\/p>\n\n\n\n cPHulk status<\/strong><\/p>\n\n\n\n To check the cPHulk status , run this command :<\/p>\n\n\n\n # ps aux | grep \u2013i cphulk<\/i><\/p>\n\n\n\n Output : <\/i><\/p>\n\n\n\n root <\/i> <\/i>8196 0.0 0.2 41088 2120 ? <\/i> <\/i>S<\/i> <\/i>Feb05 2:38 cPhulkd – processor<\/i><\/p>\n\n\n\n This output shows that cPHulk is enabled.<\/p>\n\n\n\n Restart cPHulk<\/strong><\/p>\n\n\n\n To restart cPHulk daemon, perform either one of the commands.<\/p>\n\n\n\n Perform a soft restart.<\/p>\n\n\n\n # \/scripts\/restartsrv_cphulkd<\/i><\/p>\n\n\n\n Perform a hard restart and force the system to flush the daemon\u2019s memory.<\/p>\n\n\n\n # \/scripts\/restartsrv_cphulkd –stop; \/scripts\/restartsrv_cphulkd \u2013start<\/i><\/p>\n\n\n\n Disable cPHulk<\/strong><\/p>\n\n\n\n To disable cPHulk<\/p>\n\n\n\n # \/usr\/local\/cpanel\/etc\/init\/stopcphulkd<\/i><\/p>\n\n\n\n <\/i> <\/i>Or<\/i><\/p>\n\n\n\n <\/i># \/usr\/local\/cpanel\/bin\/cphulk_pam_ctl –disable<\/i><\/p>\n\n\n\n To disable cPHulk to keep it offline, even after a restart of cPanel &WHM, remove the cPHulk touch file with the following command:<\/p>\n\n\n\n # rm \/var\/cpanel\/hulkd\/enabled<\/i><\/p>\n\n\n\n Enable cPHulk<\/strong><\/p>\n\n\n\n To enable cPHulk<\/p>\n\n\n\n # \/usr\/local\/cpanel\/etc\/init\/startcphulkd<\/i><\/p>\n\n\n\n <\/i> <\/i>Or<\/i><\/p>\n\n\n\n <\/i># \/usr\/local\/cpanel\/bin\/cphulk_pam_ctl \u2013enable<\/i><\/p>\n\n\n\n IP address Management via command line<\/strong><\/p>\n\n\n\n Add IP address to whitelist<\/p>\n\n\n\n To add IP addresses to the whitelist from the command line, run this command \/scripts\/cphulkdwhitelist IP where IP shows the IP address that you wish to whitelist.<\/p>\n\n\n\n # \/scripts\/cphulkdwhitelist x.x.x.x <\/i>(Note: x.x.x.x denotes your IP address)<\/p>\n\n\n\n Add IP address to Blacklist<\/strong><\/p>\n\n\n\n We can also use the command \/scripts\/cphulkdblacklist IP for blacklisting an IP address in cphulk.<\/p>\n\n\n\n # \/scripts\/cphulkdblacklist x.x.x.x<\/i><\/p>\n\n\n\n IP address management via MYSQL<\/strong><\/p>\n\n\n\n cPHulk stores all of its information in a database called cphulkd. There are two tables of interest: \u201dlogins\u201d and \u201cbrutes\u201d.The logins table stores login authentication failure.The brutes table stores excessive authentication failures indicative of a brute force attack.<\/p>\n\n\n\n Whitelisting through MySQL prompt<\/strong><\/p>\n\n\n\n >> Login to your server via SSH as the root user and run the following commands.<\/p>\n\n\n\n >> mysql<\/i><\/p>\n\n\n\n To access the cPHulk database<\/p>\n\n\n\n >> use cphulkd <\/i><\/p>\n\n\n\n To show the list of tables under cPHulk\u2019s database.<\/p>\n\n\n\n >> show tables;<\/i><\/p>\n\n\n\n To check if your IP address is in brutes tables.<\/p>\n\n\n\n >> select * from brutes where IP =\u2019X.X.X.X\u2019; <\/i> (Note: X.X.X.X represents your IP address)<\/p>\n\n\n\n If IP address found in brutes table, then remove the IP address using the following command.<\/p>\n\n\n\n >> delete from brutes where IP =\u2019X.X.X.X\u2019;<\/i><\/p>\n\n\n\n Or we can delete the IP address from logins table<\/p>\n\n\n\n >> delete from logins where IP = \u2018X.X.X.X\u2019;<\/i><\/p>\n\n\n\n >>exit<\/p>\n\n\n\n cPHulk Log files<\/strong><\/p>\n\n\n\n The log files are first contributor on all the IT environment when we troubleshooting the problem. The cPHulk log file are located under \/usr\/local\/cpanel\/logs\/ directory and you can use less, cat, more or tail command to check the logs messages.<\/p>\n\n\n\n These are the log files of cPHulk Brute Force Protection :<\/p>\n\n\n\n >> \/usr\/local\/cpanel\/logs\/cphulkd.log<\/i><\/p>\n\n\n\n > \/usr\/local\/cpanel\/logs\/cphulkd_errors.log<\/i><\/p>\n<\/blockquote>\n\n\n\n If you require help, contact SupportPRO Server Admin<\/a><\/p>\n\n\n\n Facing issues? <\/p>\n\n\n\n Our technical support![\"a1\"\/](\"http:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/04\/a1.jpg\")
<\/a><\/figure>\n\n\n\n![\"a2\"\/](\"http:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/04\/a2.jpg\")
<\/a><\/figure>\n\n\n\n![\"a3\"\/](\"http:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/04\/a3.jpg\")
<\/a><\/figure>\n\n\n\n![\"a4\"\/](\"http:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/04\/a4.jpg\")
<\/a><\/figure>\n\n\n\n![\"a5\"\/](\"http:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2016\/04\/a5.jpg\")
<\/a><\/figure>\n\n\n\n\n
\n
engineers can solve it. <\/p>\n\n\n\n![\"Contact](\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/3350a795-db50-482f-9911-301930d1b1be.png\")
<\/a><\/span>