How to Configure cPHulk in cPanel

Security is one of the primary concerns nowadays, due to a large amount of different hacking techniques used worldwide. It is important to keep servers safe and enjoy a trouble-free development of your websites at all times. If you are a cPanel user, it is well worth trying the cPHulk feature, which will provide an additional layer of protection on your server.

What is cPHulk?

cPHulk is a cPanel tool that prevents brute force attacks to your server. It can be configured in many different ways, according to your needs, or the needs of the people using your server. A brute force attack is a hacking method, which automatically attempts to use different combinations for guessing the password to your web server. cPHulk is a good way of stopping that and it really easy to configure.

How Does cPHulk Work?

cPHulk can be configured in different ways, but the logic behind it is simple. If a user attempts to enter the incorrect password multiple times, s/he will be blocked for a certain period of time. The number of login attempts and the block duration can be configured specifically for your needs. However, using cPHulk, there will be no way of brute-forcing your server.

How to Enable and Configure cPHulk?

To enable cPHulk, you can simply log into your WHM panel and navigate to the Security Center section. Select the cPHulk Brute Force Protection option.

1. cPHulk Configuration

The first thing to do is to review the available options for cPHulk protection. There are multiple ways of configuring the service to block incorrect login attempts to a specific account, login attempts from specific IP address and so on. You can also specify the duration of the block and the notifications you will get when a trigger is matched. It is best to review the official cPHulk documentation for a better understanding of that.

2. cPHulk Whitelist/Blacklist Manager

When managing a cPanel server with more than one client, there is also the need for “special” rules. You may want to permanently allow access to a specific IP address, even if it matches one of the brute-force rules. There is also the possibility to block an IP address permanently, so no access will be possible for it. Here come the Whitelist/Blacklist managers of cPHulk.

The process is simple, select the Whitelist/Blacklist tab and add a specific IP address accordingly. The system will not match the IP against the rules in the previous step.

3. Remove cPHulk IP Block

If you have an IP address that is being blocked by cPHulk and you wish to remove it, you have two ways of achieving that. The first method is via WHM and the second method is via SSH. You can choose the one that suits you best, even though both options do the same thing.

If you wish to remove a block via WHM, you will have to access the cPHulk Brute Force Protection service again. Select the Whitelist Management tab. Enter the IP address that you wish to whitelist and a comment (optional), then click on the Add button.

Another method for the removal of a cPHulk block is via SSH. Access your server via SSH and type in the following commands:

mysql

mysql> use cphulkd;

This will access the cPHulk database so you can manipulate it further. To check if a specific IP address is really blocked, you can type:

mysql> SELECT * FROM brutes WHERE 'IP'='xxx.xxx.xxx.xxx';

where you need to change ‘xxx.xxx.xxx.xxx‘ with the actual IP address you are searching for. If you see the IP address in the brutes table, you can remove it with the following SQL query:

mysql> DELETE FROM brutes WHERE 'IP'='xxx.xxx.xxx.xxx';

Once you complete that, you can exit the MySQL by typing:

mysql> quit

Conclusion

cPHulk is a helpful tool that you can use if you are a cPanel user. It is an excellent way of preventing brute force attacks to your server and it is also easy to manage. As one of the tools coming with the default cPanel package, it is recommended taking full advantage of it for your servers.