Being blacklisted from WHM/CPanel by the CPHulk plugin is one of the frequent issues when administering WHM/CPanel-based hosting. If you select Yes during initial setup, CPHulk is activated by default on WHM and functions as a blacklisting program, similar to Fail2ban or Denyhost, to stop spammers and crackers from using login services.
The issue is that CPHulk is frequently unable to distinguish between normal and abnormal access. As a result of so many failures, even our legitimate IP could be banned or prevented from logging in as root. Why? Because crackers keep trying random passwords, and CPHulk automatically refuses root login after a few failed login attempts.
Modify WHM Access Limit
In addition to closing the recommended port, there is an easier way to anticipate this kind of problem: modifying the WHM access limit (WHM login page access protection).
To do so, follow this procedure:
- First, go to the WHM login page and enter your user name and password.
- In the Security Center menu group, click the Host Access Control menu.
- In the Daemon field, select the Whostmgrd daemon, which is the daemon application for WHM. We can also choose to protect the SSH (SSHD) daemon or the CPaneld daemon for CPanel.
- In the Access List, enter the IP or IP range that is allowed access. Write out the full subnet.
  For example, for the network segment 22.214.171.124/29, enter 126.96.36.199/255.255.255.248. Configuring it as 188.8.131.52/29 will not work because WHM only accepts the full network subnet. If you ask why we use 184.108.40.206/255.255.255.248 and not 220.127.116.11/255.255.255.248, you should take an IP subnetting course.
- In the Action section, select “Allow”.
- Then do the same for every other IP segment that should be allowed.
- At the bottom, select Daemon = Whostmgrd, Access List = ALL and Action = Deny. This means that any IP other than the registered ones will not be allowed.
- Lastly, click “Save Host Access List” when finished.
- Now you can try WHM access from an allowed IP and from an IP outside the registered list.
For those who are accustomed to dealing with Linux servers, the above process basically limits access by adding rules to the file /etc/hosts.allow.
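The subnet conversion from the Access List step and the resulting allow/deny entries can be generated with a short script. This is an added example, not part of the original article or of cPanel's own code. It assumes the lowercase daemon name `whostmgrd` and the TCP wrappers `daemon : pattern : action` line layout; the addresses are constructed values from the documentation ranges.

```python
import ipaddress

DAEMON = "whostmgrd"  # assumption: lowercase TCP wrappers name of the WHM daemon


def to_wrapper_pattern(spec):
    """Convert '203.0.113.10/29' (or a single IP) to 'network/netmask' form."""
    # strict=False accepts any host inside the subnet and snaps it down to
    # the network address, which is the value the access list needs.
    net = ipaddress.ip_network(spec, strict=False)
    if net.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    if net.prefixlen == 32:
        return str(net.network_address)  # single host, no mask required
    return f"{net.network_address}/{net.netmask}"


def build_rules(allowed, daemon=DAEMON):
    """Return allow lines for each segment, followed by the final deny-all."""
    patterns = []
    for spec in allowed:
        pattern = to_wrapper_pattern(spec)
        if pattern not in patterns:  # same subnet entered twice
            patterns.append(pattern)
    if not patterns:
        # A lone deny-all rule would lock every administrator out of WHM.
        raise ValueError("refusing to emit deny-all with an empty allow list")
    rules = [f"{daemon} : {p} : allow" for p in patterns]
    rules.append(f"{daemon} : ALL : deny")
    return rules


def is_allowed(ip, allowed):
    """Check a client IP against the allow list before saving the rules."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s, strict=False) for s in allowed)


if __name__ == "__main__":
    # Constructed sample: an office /29 given by a host address, plus one VPN IP.
    office = ["203.0.113.10/29", "198.51.100.7"]
    print("\n".join(build_rules(office)))
    print("admin workstation allowed:", is_allowed("203.0.113.14", office))
```

Running `is_allowed` against your own current IP before clicking save confirms that the final deny rule will not lock you out.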