  1. #1
    cPanel Partner NOC
    Join Date
    Nov 2004
    Posts
    6

    Fix cphulkd brute force protection so it blocks attacker IP instead of blocking everyone

    Hi,

    Right now when cphulkd brute force protection detects a brute force attack, it blocks access to the account for everyone rather than just blocking the IP address that is doing the attack.

    Since any server running services on the Internet will routinely have scans/attacks on it, it doesn't make sense to block everyone (including legitimate customers) from accessing their site when somebody is trying to do a brute force attack.

    Also, if they're trying to brute force the root account, you're locked out of your server until the brute force block expires. I know there is a whitelist but customers won't always be connecting from the same IP addresses.

    Tian

  2. #2
    cPanelDon (cPanel Quality Assurance Analyst)
    Join Date
    Nov 2008
    Location
    Houston, Texas, U.S.A.
    Posts
    2,555
    cPanel/Enkompass Access Level

    DataCenter Provider


    Originally posted by tian:
    Hi,

    Right now when cphulkd brute force protection detects a brute force attack, it blocks access to the account for everyone rather than just blocking the IP address that is doing the attack.

    Since any server running services on the Internet will routinely have scans/attacks on it, it doesn't make sense to block everyone (including legitimate customers) from accessing their site when somebody is trying to do a brute force attack.

    Also, if they're trying to brute force the root account, you're locked out of your server until the brute force block expires. I know there is a whitelist but customers won't always be connecting from the same IP addresses.

    Tian

    An IP address will be locked out when the "per IP" or IP-based threshold is reached, such as that of "Maximum Failures Per IP" and "Maximum Failures Per IP before IP is blocked for two week period"; both of these configuration options can be customized using WebHost Manager (WHM). I recommend reviewing our documentation to help further clarify specific usage of cPHulk as configured via WHM.

    Reference menu path and documentation: WHM: Main >> Security Center >> cPHulk Brute Force Protection
    Last edited by cPanelDon; 09-03-2010 at 04:56 PM. Reason: Revised documentation link and corrected typo
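
The difference between account-wide lockout and per-IP blocking discussed in this thread, as an added example that is not cPHulk's code and not part of the original posts. The `LockoutModel` class, the threshold values, and the rule that a blocked source is rejected before its attempts count against the account are all assumptions of this simplified model.

```python
from collections import defaultdict


class LockoutModel:
    """Toy failed-login tracker; a threshold of None disables that check."""

    def __init__(self, max_per_account=None, max_per_ip=None):
        self.max_per_account = max_per_account
        self.max_per_ip = max_per_ip
        self.account_failures = defaultdict(int)
        self.ip_failures = defaultdict(int)

    def attempt(self, ip, user, password_ok):
        # A blocked source is rejected first, so its further attempts
        # never count against the account (assumption of this model).
        if self.max_per_ip is not None and self.ip_failures[ip] >= self.max_per_ip:
            return "ip-blocked"
        if (self.max_per_account is not None
                and self.account_failures[user] >= self.max_per_account):
            return "account-locked"
        if password_ok:
            return "ok"
        self.ip_failures[ip] += 1
        self.account_failures[user] += 1
        return "failed"


def simulate(model, attacker_tries=10):
    """One source hammers 'root', then the real admin logs in from elsewhere."""
    attacker_ip, admin_ip = "203.0.113.9", "198.51.100.7"  # constructed addresses
    attacker = [model.attempt(attacker_ip, "root", False)
                for _ in range(attacker_tries)]
    admin = model.attempt(admin_ip, "root", True)
    return attacker, admin


if __name__ == "__main__":
    # Constructed thresholds, not cPHulk defaults.
    policies = {
        "account-only": LockoutModel(max_per_account=5),
        "per-IP below per-account": LockoutModel(max_per_account=5, max_per_ip=3),
    }
    for name, model in policies.items():
        attacker, admin = simulate(model)
        print(f"{name}: attacker ends with {attacker[-1]!r}, admin gets {admin!r}")
```

In this model, failures spread across several source addresses can still reach the per-account limit, because each address stays under its own per-IP threshold.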

  3. #3
    cPanelDavidG (Technical Product Specialist)
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    11,189
    cPanel/Enkompass Access Level

    Root Administrator


    This seems to be a configuration flaw on that particular server rather than a lack of functionality in cPanel/WHM. I will close this thread and archive it. If you believe I am doing this in error, please send me a PM.
