How to configure cPHulk settings in your server to avoid load issues

Internet is a very insecure place where anytime your server can get attacked, if not secured well. A brute force attack is one such attack that tries to login to your server by repeated password guessing attempts.

While the ideal way to prevent a brute force attack is to disable access to that service totally, it is not feasible in a public web hosting server which can get access from all over the world.

It is practically impossible to manually allow or deny each IP, from the whole range of IP addresses. That’s when a brute force protection tool becomes relevant.

What is cPHulk? How does it help?

cPHulk is a commonly used brute force protection tool that detects a brute force attack to the critical login-based services in your server such as SSH, mail, control panel, FTP, etc.

When an attack is suspected, it disables the login attempts from that IP address to the server. The blocked IP can access the site, but when trying to login, it would show an error like:


cPHulk Block Message


cPHulk can block 1. IP addresses from which too many failed login attempts were noticed to the services in the server and 2. Accounts that are being actively abused by failed login attempts.

cPHulk can be enabled in cPanel servers using the ‘WHM -> Security Center -> cPHulk Brute Force Protection’ option. cPHulk has certain configuration settings, which determines the effectiveness of the protection.

If not configured with the correct parameters, these settings can either cause the protection to be ineffective in preventing the attacks or can cause valid users to be blocked unnecessarily.

See how we help web hosting companies

Recently we were contacted by a web host whose server was responding very slow. Our expert server specialist examined the server and found that the server load was very high.

On further investigation, our tech could see that the server was under brute force attack, but the cPHulk settings in the server were inefficient in blocking this attack.

Today, we’ll see the major parameters in cPHulk tool and what is the purpose served by each of them.


Use Bobcares for your phone support services. Ensure 24/7 coverage for your customers!


Submit a Comment

Your email address will not be published. Required fields are marked *

BUSY WITH TECH SUPPORT ALL DAY? We help web hosts and other web solution providers save time and focus on growth.
Here's how we helped a web host reduce support engagement time from 3 hours to 30 mins per day: