cPanel® Blog

cPHulk is Now Even Stronger

Security is a huge priority for the cPanel team. Not only do we make sure we are providing everything we can to keep our customers protected, but we also provide ways for our customers to keep their clients’ information safe as well. One of our most prized features for both web, email, and server security is cPHulk. This feature, which provides great protection against brute force attacks, has been a part of our security suite for years — and now it’s become even more powerful with the release of cPanel & WHM version 70.

What is a brute force attack?

Ever get frustrated when you get locked out of an account after several failed password attempts?

While frustrating, this is a security measure used to ensure that malicious software doesn’t successfully muscle its way into your private user or customer data. In a brute force attack, an attacker attempts to enter a user account by repeatedly entering arbitrary passwords. While this method of hacking isn’t particularly refined, it can and does work. That makes protecting yourself even more important.

How cPHulk works

cPHulk is included as part of all cPanel & WHM installations and can be used to monitor and block all login attempts made to cPanel, WHM, FTP, email, and SSH. It provides administrators with a variety of ways to combat brute force attacks both automatically and manually, and cPHulk can even be used to block malicious IP addresses in your firewall.

Blocks of malicious logins can be issued in different durations from a temporary ban to a one-day or even permanent ban.  The highly configurable cPHulk system allows for a great deal of control. You can specify the number of failed login attempts before an IP address is blocked, define additional actions to execute upon triggering of an automatic block, and even enable notifications to server administrators as specific events occur.

More Powerful in Version 70: Country Management

In previous versions of cPanel & WHM, server administrators could only manage their blacklists or whitelists by IP address. As of v70, hosts can block login attempts by country or provide easier access to selected regions of their choosing.

This update gives hosts greater versatility in how they protect user data. For example, if a server administrator who only does business in North America is alerted to suspicious traffic from Iceland, that host can now block all login attempts coming in from that country. Subsequently, a host can still whitelist individual IPs from that list of IPs or remove the country from the blacklist entirely.

“The way we built this update to cPHulk is exciting for multiple reasons,” says Jason Kiniry, one of our developers. “Not only is the update more powerful, but the changes we’ve made to the system’s task queue is encouraging us to think about new ways to provide better experiences that also put less of a load on our users’ machines.“

Take it for a test drive!

Head to your cPanel & WHM account and start exploring the updates we’ve made to cPHulk and come back to the cPanel blog to learn the new updates we’re pushing out.

Do you already use cPHulk? Let us know your thoughts about the update in the comments below.


Equal parts prose, positivity, and passion, JR Miller is a web writer that likes using words to connect with people, enhance experiences, and solve problems. Approaching copywriting as both an art and a science, he believes that a good impression is one that stays with you after the browser window has closed.

  • It’s an interesting feature. Do you plan to add filter countries by port? In example: I need to have 4-5 countries completely blocked, but there are also a couple ones that we need to only be capable to send/receive emails via pop3/smtp, so ports 110 + 587 should remain available while all other ports get blocked.
    Hope you add it to the roadmap, or let me know if I should open a feature request for this one 🙂

    • benny Vasquez

      That’s not planned right now, but sounds like a good feature request! Feel free to submit it. 🙂

  • Texadian

    Is there any issue with running cPHulk and CSF concurrently?

    • benny Vasquez

      Nope! In fact many users do exactly that!

  • Curtis Walter

    When blocking countries using CSF last summer I ran into a problem with using too many inodes and CSF would not start until I reduced the number of countries. (ie, number of blocked IP’s). I am on a VPS with Hostgator. Will this new country blocking feature present the same problem?

    • benny Vasquez

      Nope! You shouldn’t encounter that problems, since we take a different approach. If you do encounter any problems, though, definitely reach out! You can either ask your license provider for support or you can open a ticket with our team:

  • Daniel Alves de Andrade

    I leave the cpHulk disabled on my servers, because in a real scenario of brute force cpHulk increases the load of the server considerably because it seems to me that the method of working with a bank in mysql consumes a lot of resources. During the attack I get better results using only the CSF Firewall with smaller error limits and cpHulk disabled.

    This way the load of my servers even during the attacks were within an acceptable limit.

    • benny Vasquez

      We definitely agree! In version 66 we moved the cPHulk Database away from MySQL into sqlite, which has improved performance drastically, and significantly reduced the load on the system.

  • Thank you for adding country management! It’s a feature I’ve been waiting for and should make restricting certain countries from access to our servers very easy. 🙂

    • benny Vasquez

      Very glad to hear it! We’re excited about this feature.