When your VPS slows to a crawl: my experience fixing a cpHulk lock-up - Chris Lever

I moved several of my sites from shared hosting to my own cPanel VPS recently. Everything was running smoothly, the sites felt faster, and the server was barely breaking a sweat.

Then out of nowhere, at around three in the morning, the VPS hit a wall. The load average shot up, the cPanel dashboard locked itself, and I had to hard reboot the machine just to get it stable again. Not ideal when you want a quiet life.

After a bit of digging, the culprit became clear. It was not PHP. Not MySQL. Not traffic. It was cpHulk.

What actually went wrong

cpHulk is cPanel’s built-in brute force protection. It monitors login failures and blocks IPs that look suspicious. In theory, useful.

In practice, on some VPS builds it can corrupt its own internal data and get itself stuck in a restart loop. When that happens, it keeps hammering the system, drags load averages up, and causes the machine to behave as if it is under attack, even when it is not.

That is exactly what I hit.

My logs showed cpHulk repeatedly starting, failing and restarting. It never fully initialised, and it created enough system noise to cause slowdowns.

The fix that stabilised everything

Once I saw the pattern, the fix was fairly straightforward:

  • stop cpHulk cleanly
  • clear out the corrupt data in /var/cpanel/hulkd
  • restart core cPanel services and PHP-FPM
  • let the system rebuild the clean config

Within minutes, the server load dropped from two to almost zero and everything returned to normal. New Relic graphs confirmed the improvement straight away.

It was not an attack and it was not a broken VPS. It was one cPanel service misbehaving.

Image above: New Relic Server Monitor

Do you need cpHulk at all?

On a VPS, you can protect SSH in far stronger ways:

  • use SSH keys instead of passwords
  • restrict root login
  • rate limit SSH
  • add Fail2ban or CSF/LFD for smart blocking
  • optionally move SSH to a non-standard port to cut down noise

These offer better protection than cpHulk on its own.
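
One way to check a server against the list above, as an added example that is not from the original post: a shell function that reads the effective configuration printed by `sshd -T` and flags password logins, unrestricted root login, a high `MaxAuthTries` and the default port. The function name, the threshold of 3 (one sshd-side stand-in for "rate limit SSH") and the sample input are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit `sshd -T` output against the hardening list above.

MAX_TRIES=3   # assumed threshold for auth attempts per connection; tune to taste

audit_sshd() {
    # stdin: lines in `sshd -T` format ("keyword value").
    # stdout: one finding per line. Returns 1 if any FAIL was printed, else 0.
    awk -v max="$MAX_TRIES" '
        # sshd uses the first occurrence of most keywords, so keep the first.
        NF >= 2 { k = tolower($1); if (!(k in cfg)) cfg[k] = tolower($2) }
        END {
            fails = 0
            # A keyword missing from the input is treated as not hardened.
            pw = ("passwordauthentication" in cfg) ? cfg["passwordauthentication"] : "unset"
            rl = ("permitrootlogin" in cfg) ? cfg["permitrootlogin"] : "unset"
            if (pw != "no") {
                print "FAIL passwordauthentication=" pw " (use SSH keys instead of passwords)"
                fails++
            }
            if (rl == "yes" || rl == "unset") {
                print "FAIL permitrootlogin=" rl " (restrict root login)"
                fails++
            }
            if (!("maxauthtries" in cfg) || cfg["maxauthtries"] + 0 > max + 0)
                print "WARN maxauthtries=" cfg["maxauthtries"] " (allow at most " max " per connection)"
            if (cfg["port"] == "22")
                print "NOTE port=22 (standard port, expect background scan noise)"
            exit (fails > 0)
        }'
}

# Constructed sample: a password-based, root-enabled configuration.
SAMPLE_WEAK='port 22
permitrootlogin yes
passwordauthentication yes
maxauthtries 6'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
# On a real host (as root): sshd -T | audit_sshd
```

Fail2ban or CSF/LFD blocking is configured outside sshd, so this check does not cover it.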

What I learned

A few takeaways if you are running a cPanel VPS:

  • unexplained load spikes are often caused by stuck cPanel services
  • cpHulk corruption is more common than you might think
  • clearing out the hulkd folder usually fixes it
  • do not panic when you see thousands of failed SSH attempts; it is normal background internet noise
  • always install proper monitoring like New Relic or Netdata so you can see exactly what is happening

Since cleaning it up, my server has been running far smoother than my old shared hosting and the performance difference is night and day.

Final thoughts

Moving to a VPS is worth it, but you do need a bit more awareness of what is happening under the hood. Once you know where to look, most issues are simple to fix.

cpHulk was the only thing slowing down my VPS. Removing the corruption made everything snappy again and now that I know the signs, I can spot it early if it ever comes back.
