cPHulk Brute Force Protection is a security feature in WHM that protects your server from brute force login attacks by blocking IP addresses after repeated failed login attempts. This guide shows you how to enable, disable, and configure cPHulk, as well as how to recover if you've been locked out.

How to Enable cPHulk Brute Force Protection

  1. Step 1: Log in to WHM

    Access WHM by logging in with the server's root password. Root access is required to enable or disable this feature.

  2. Step 2: Navigate to cPHulk Settings

    Navigate to the "Security Center" and locate the option for "cPHulk Brute Force Protection".

    WHM Security Center menu

  3. Step 3: Enable cPHulk

    After clicking this button, you will notice that cPHulk is currently deactivated. To enable it, switch the toggle to the "on" position in this menu.

    cPHulk toggle switch

  4. Step 4: Configure and Save Settings

    Once you've switched it on, you can choose your cPHulk settings before selecting the "Save" button located at the bottom of the page.

How to Disable cPHulk if You're Locked Out

By default, cPanel triggers this protection mechanism after a set number of failed login attempts, leading to the error message "Permission refused, please try again." If you're experiencing denied cPanel login due to cPHulk Brute Force Protection, follow these steps to disable it.

  1. Step 1: Access the Server

    If your SSH access is also denied, utilize the video display on the Tilaa Dashboard for login.

  2. Step 2: Disable cPHulk Service

    Run the following commands to shut down the service and terminate any active processes:

    whmapi1 configureservice service=cphulkd enabled=0 monitored=0
    /usr/local/cpanel/etc/init/stopcphulkd
    /usr/local/cpanel/bin/cphulk_pam_ctl --disable
  3. Step 3: Log in and Re-enable cPHulk

    Now, you can log in to cPanel and activate cPHulk Brute Force Protection following the instructions outlined in the first section of this article.

How to Whitelist Your IP Address

To avoid encountering lockout issues in the future, consider whitelisting your own IP address.

  1. Step 1: Access White/Black List Management

    Navigate to the White/Black List Management tab within Security Center > cPHulk Brute Force Protection.

    White/Black List Management tab

  2. Step 2: Add Your IP to the Whitelist

    Input your local IP address in the White List (Trusted IP List) and click on Quick Add.

    Add IP to whitelist