Brute-force attacks are one of the most common ways for malicious software (malware) to get past the security of various web services. Malware can overwhelm the authentication service and defeat current password security by repeatedly attempting to log in. Most current web servers, thankfully, provide some type of brute-force defense. This is usually referred to as cPHulk on cPanel/WHM-based systems.
In this article, we'll demonstrate you how to use cPHulk to protect your VPS from brute-force assaults.
How to Enable cPHulk Brute Force Protection
- Log in to WHM using server root password, to enable or disable this functionality, you must have root access.
- In the “Security Center” look for “cPHulk Brute Force Protection”.
- You'll see that cPHulk is deactivated after hitting this button. Toggle it on in this menu to activate it.
- After you've toggled it on, you'll be able to select your cPHulk settings before clicking the Save button at the bottom of the page.
How to disable cPHulk if your cPanel login is being denied?
By default, cPanel uses the cPHulk Brute Force Protection to deactivate a user after a specific number of failed login attempts. As a result, the notice "Permission refused, please try again" will appear. You'll need to connect in to the server to reset cPHulk. If your account is also refused through SSH, use the video display on the Tilaa Dashboard to log in.
The simplest solution is to disable the cPHulk service, which you may accomplish with the instructions below. These will turn down the service and terminate any running processes:
whmapi1 configureservice service=cphulkd enabled=0 monitored=0
You should now be able to log into cPanel and enable the cPHulk Brute Force Protection, as described in the first section of this article.
You can prevent this from happening by whitelisting your own IP. To do so, open the White/Black List Management tab in Security Center > cPHulk Brute Force Protection.
Enter your local IP address at White List (Trusted IP List) and click Quick Add.