cPHulk is cPanel & WHM service that secures server from the brute force attacks. Brute Force attack is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered.

This service works by blacklisting certain IP addresses. cPanel & WHM will not display a direct message if the IP address is blocked. In this case, you will simply see an error indicating that the logins are invalid.

cPHulk checks services like WHM/cPanel, POP3/IMAP/SMTP logins that include mail clients and Webmail, SSH and FTP/SFTP.
​
cPHulk can automatically block IP addresses from which too many unsuccessful login attempts have been detected or, those accounts, whose passwords are being tried to guess.
​
Blockings can be temporary (depending on CPHulk configuration), one-day, or permanent.

First, to use CPHulk make sure it's enabled. Type "cPHulk" in the WHM search and check it:

In this section, you can configure the service according to your needs. You will find configurable settings such as Username-based Protection,
​IP Address-based Protection, One-Day Blocks, and Login History.

In this section, you can manually blacklist a specific IP address or remove that IP that was automatically added. You can also whitelist a particular IP (e.g. your local IP) so that CPHulk would never include it to the blacklist.

In this section, you can check for failed logins, blocked users, IP addresses and one-day blocking. To filter by specific criteria, click "Select a Report":