Forums



Results 1 to 3 of 3

Thread: cPHulk detection period

  1. 08-06-2012, 09:18 AM #1
    wanico
    wanico is offline
    Member
    Join Date
    Feb 2012
    Posts
    9
    cPanel/WHM Access Level

    Root Administrator

    Default cPHulk detection period

    Hi

    Im trying to determine what the detection period is in CPHulk

    We have a setup where after 10 incorrect logins a customer is blocked for x amount of time.
    Is there a specific duration period in which the 10 incorrect login attempts must be recorded?


    for example,
    10 incorrect logins within 1 hour = blocked
    10 incorrect logins within 10 hours = not blocked

    or does it just block for x amount of time if a counter is equal to 10 regardless of the time period?


    The documentation doesn't state this clearly Use cPHulk for Brute Force Protection

    Thanks
    Reply With Quote Reply With Quote
  2. 08-08-2012, 11:48 AM #2
    cPanelJared
    cPanelJared is offline
    cPanel Staff cPanelJared's Avatar
    Join Date
    Feb 2010
    Location
    Houston, TX
    Posts
    1,462
    cPanel/WHM Access Level

    Root Administrator

    Default Re: cPHulk detection period

    I looked this over with a member of our QA department and got some clarification about this.

    The detection time is actually defined by these two settings in Main >> Security Center >> cPHulk Brute Force Protection:

    • IP Based Brute Force Protection Period in minutes
    • Brute Force Protection Period in minutes


    The logic is, "If X number of failures occur within Y number of minutes, then consider it a brute-force attempt and lock out the IP address or account for Y number of minutes."

    The documentation is correct in that these values determine how long an IP address or account will be locked out, but it does not specify that this is also the time period that is used to determine if failed log-ins reach the threshold to be considered a brute-force attempt.

    I have submitted a case to try to have the documentation revised to clarify this. Thank you for bringing this to our attention, and I hope this helps you.
    For hands-on assistance, please reference our new support information page: Where should I go for support?
    cPResources: Support Options - Submit a ticket here - Additional Support Options - Forums Search - Mailing Lists(Alt) - Documentation - Find cPanel hosting


    -- Jared Ryan, Technical Analyst, cPanel Technical Support
    Reply With Quote Reply With Quote
  3. 08-10-2012, 01:54 AM #3
    wanico
    wanico is offline
    Member
    Join Date
    Feb 2012
    Posts
    9
    cPanel/WHM Access Level

    Root Administrator

    Default Re: cPHulk detection period

    Hi Jared,

    That answers my question.
    Thanks
    Reply With Quote Reply With Quote
« cPanel FTP User Permissions | Autoresponder not working if body of reply message has reply header in it »

Similar Threads

  1. cPHulk - Maximum Failures before IP blocked for two weeks - what period??
    By scanreg in forum Security
    Replies: 1
    Last Post: 03-16-2012, 04:17 AM
  2. Suspended for Trojan detection
    By Marks12 in forum Security
    Replies: 0
    Last Post: 06-29-2010, 07:53 PM
  3. Intrusion Detection cpanel
    By liang3391 in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 06-17-2009, 09:27 AM
  4. brute force detection
    By ploppy in forum cPanel & WHM Discussions
    Replies: 2
    Last Post: 02-19-2008, 05:56 AM
  5. [FreeBSD] PostgreSQL 8.0 detection
    By Escaflowne in forum cPanel & WHM Discussions
    Replies: 2
    Last Post: 12-01-2005, 04:32 AM