Cphulk Protection

cPHulk is a small program developped by the cPanel team and is exclusive to cPanel / WHM control panels. It’s a brute force protection which looks for logins for PAM services. Based on the configuration, it will block an IP after a specified number of failed logins from a specific IP (or for a specific account) for a specific period of time. It covers the services like, courier,dovecot,exim,pure-tpd,cpaneld,webmaild,whostmgrd,sshd and cppop. In “cphulkd” database,there are separet tables for each service.

cPHulk stores failed login attempts in a database. This is useful for determining problem IP addresses that may need to be blocked from accessing your server altogether.

If you want to enable cPHulk protection in WHM, you will have to disable the “UseDNS” option in sshd_config.

To enable the cPHulk protection, Login to WHM,

Main >> Security Center >> cPHulk Brute Force Protection and enable/disable it there.

You can configure the settings there. One of the common mistakes when enabling cphulkd on your cpanel/whm is not to add your local ip to the whitelist first which locks you out of your own cpanel/whm. You can whitelist your own IP in White/Black List Management.

However, the database “cphulkd”, may need to be cleared from time to time. You can clear the database by clicking “Flush DB” option available in cPHulk Brute Force Protection menu in WHM or on CLI use following command,

# echo "delete from brutes; delete from logins;" | mysql cphulkd

Try to login now.

“cPanel & WHM Update Blocks” error on the main page of WHM when we login to WHM

This issue is caused due to expired cpanel license or the corrupted license file.

It can be resolved by moving /var/cpanel/update_blocks.config and resynchronizing the cPanel license with /usr/local/cpanel/cpkeyclt.

# mv /var/cpanel/update_blocks.config /var/cpanel/update_blocks.config.bk

# /usr/local/cpanel/cpkeyclt

If its still the same, try to disable the CSF firewall by

# csf -x

and then resynchronizing the cPanel license.

database error for horde and roundecube

Sometimes you may face the following errors in webmail.

horde : A fatal error has occurredDB Error: connect failed

roundcube: DATABASE ERROR: CONNECTION FAILED!Unable to connect to the database!

Most probably, its an issue with the databases associated with horde and roundcube, so please check related error logs by

# vi /var/cpanel/horde/log/horde_0.log

Press Shift+G and check the error at bottom.

Feb 27 03:16:06 HORDE [emergency] [horde] DB Error: connect failed:  [nativecode=Access denied for user ‘horde’@’localhost’ (using password: YES)] ** mysql(mysql)://horde:[email protected]+localhost:3306/horde?persistent=1&charset=utf-8&ssl=1&splitread= [pid 18142 on line 398 of “/usr/local/cpanel/base/horde/lib/Horde/Perms/sql.php”]

# vi /var/cpanel/roundcube/log/errors

Press Shift+G and check the error at bottom.

[27-Feb-2012 03:15:09 +0000]: DB Error: _doConnect: [Error message: Access denied for user ’roundcube’@’localhost’ (using password: YES)]
[Native code: 1045]
[Native message: Access denied for user ’roundcube’@’localhost’ (using password: YES)]
** mysql(mysql)://roundcube:[email protected]/roundcube in /usr/local/cpanel/base/3rdparty/roundcube/program/include/rcube_mdb2.php on line 102 (GET /cpsess7853727673/3rdparty/roundcube/index.php)

The issue can be resolved by forced update

# /usr/local/cpanel/bin/update-horde –force
# /usr/local/cpanel/bin/update-roundcube –force

Once update completed, check the webmail.

You are done!