It's a great feature to ward off bruteforce but is also annoying because you think you have the wrong password when you can't login.
How to Disable cp hulk for 5 minutes
/usr/local/cpanel/etc/init/stopcphulkd........
I was worried the server was hacked, I was logged in already as root but couldn't login to CPanel or a new SSHsession. I even reset the password from the shell and it did not work still.
The reason is CPanel Hulk, it detected a brute-force attack so it locked down the root account entirely even from the correct password. According to cPanel the best way around this is to whitelist your IP.........