cPHulk is a small program developed by the cPanel team and is exclusive to cPanel / WHM control panels. It is a brute force protection service that watches logins to PAM services. Based on the configuration, it blocks an IP after a specified number of failed logins from that IP (or for a specific account) for a specified period of time. It covers services such as courier, dovecot, exim, pure-ftpd, cpaneld, webmaild, whostmgrd, sshd and cppop. The “cphulkd” database has separate tables for each service.
cPHulk stores failed login attempts in a database. This is useful for determining problem IP addresses that may need to be blocked from accessing your server altogether.
If you want to enable cPHulk protection in WHM, you will have to disable the “UseDNS” option in sshd_config.
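A quick way to check that setting before turning cPHulk on, as an added example that is not part of the original post or of cPanel's tooling. The function names are made up here, the sample config is constructed, and only a single file is read (Include directives are not followed).

```shell
#!/bin/sh
# Added example: report the UseDNS value found in an sshd_config file.
# sshd uses the first value it obtains for a keyword, so the first
# uncommented UseDNS line decides. `sshd -T` prints the value sshd
# itself resolves and is the authoritative check on a live server.

# usedns_state FILE -> prints the configured value, or "unset"
usedns_state() {
    awk '
        /^[ \t]*#/ { next }          # skip commented-out lines
        { gsub(/=/, " ") }           # accept "UseDNS=no" as well as "UseDNS no"
        tolower($1) == "usedns" && NF >= 2 { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# cphulk_ssh_ready FILE -> exit status 0 only when UseDNS is explicitly "no"
cphulk_ssh_ready() {
    [ "$(usedns_state "$1")" = "no" ]
}

# Demo on a constructed sample, not a real server config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#UseDNS yes
UseDNS no
UseDNS yes
EOF
if cphulk_ssh_ready "$sample"; then
    echo "UseDNS is disabled ($(usedns_state "$sample"))"
else
    echo "UseDNS is '$(usedns_state "$sample")': set 'UseDNS no' and restart sshd"
fi
rm -f "$sample"
```

On a server, point it at the real file, for example `cphulk_ssh_ready /etc/ssh/sshd_config`.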
To enable cPHulk protection, log in to WHM and go to
Main >> Security Center >> cPHulk Brute Force Protection, where you can enable or disable it.
You can configure the settings there. A common mistake when enabling cphulkd on cPanel/WHM is failing to add your local IP to the whitelist first, which locks you out of your own cPanel/WHM. You can whitelist your own IP in White/Black List Management.
However, the “cphulkd” database may need to be cleared from time to time. You can clear it by clicking the “Flush DB” option in the cPHulk Brute Force Protection menu in WHM, or from the CLI with the following command:
# echo "delete from brutes; delete from logins;" | mysql cphulkd
Try to log in now.