The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bruteforce Panic Mode Block Me Too

Discussion in 'Security' started by dezagus, Nov 3, 2014.

  1. dezagus

    dezagus Active Member

    Joined:
    Mar 2, 2014
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I don't know, but this was since I start to use cPanel, so like 2 years ago. Always I get an Bruteforce Attack I can't access too until the attack finish. Something is wrong config?

    bruteforce.png

    Thanks,
    Denis.
     
  2. simonas

    simonas Well-Known Member

    Joined:
    Apr 21, 2013
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    cPanel Access Level:
    Root Administrator
    Well i would suggest you to make Maximum Failures per account high - like 90.
    And lower Maximum Failures per IP to 3.
     
  3. dezagus

    dezagus Active Member

    Joined:
    Mar 2, 2014
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    If I change that parameters obviously would be more tolerable to Brute Force Attacks, but, maybe an concept was wrong, the Bruteforce "Panic" mode apply for all accounts or just to account which is aim? Per example, if someone try bruteforce to "root" and I have an account called whatever name would be blocked too?

    Thanks for aswer!
     
  4. simonas

    simonas Well-Known Member

    Joined:
    Apr 21, 2013
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    cPanel Access Level:
    Root Administrator
    No, only account that's being bruteforced get's blocked. In my opinion - account locking is a stupid thing. If an attacker get's his ip blocked every 3 tries he will soon run out IPs anyway.

    Another option would be to create resseler account with root privileges and not popular name.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  6. dezagus

    dezagus Active Member

    Joined:
    Mar 2, 2014
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I haven an dinamic IP, so it's impossible to add to white list. I will choice simonas solutions, but, seriusly, this feature of block full account access looks more like an wrong feature more than the security possibilities. Would be great if cPanel provide some additional option of "block (or not) full account acces when bruteforce is working".
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You are welcome to submit a feature request for that via:

    Submit A Feature Request

    Or, you may want to utilize a third-party application such as CSF/LFD instead of cPHulk.

    Thank you.
     
Loading...
Similar Threads - Bruteforce Panic Mode
  1. iPlex
    Replies:
    7
    Views:
    528
  2. knight_dedy
    Replies:
    4
    Views:
    783

Share This Page