The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CPHulk - Appears not to work!

Discussion in 'General Discussion' started by santrix, Feb 22, 2009.

  1. santrix

    santrix Well-Known Member

    Joined:
    Nov 30, 2008
    Messages:
    223
    Likes Received:
    2
    Trophy Points:
    18
    OK, I have CPHulk enabled, with only myself in the trusted hosts list (already managed to lock myself out once, so I know it's working)...

    Now, I wake up this morning to find a pile of this in my /var/log/messages

    Feb 22 08:46:44 vps pure-ftpd: (?@58.246.161.120) [ERROR] Too many authentication failures
    Feb 22 08:46:44 vps pure-ftpd: (?@58.246.161.120) [INFO] New connection from 58.246.161.120
    Feb 22 08:46:45 vps pure-ftpd: (?@58.246.161.120) [WARNING] Authentication failed for user [tsinternetuser]
    Feb 22 08:47:24 vps last message repeated 4 times
    [repeat above about a thousand times at least]

    Now, why isn't CPHulk locking this dude out? the CPHulk screen in WHM shows no lockouts, no errors, nada... zip... nothing - it all looks fine and dandy. What gives?

    I'm running the latest release R33609

    Steve
     
  2. JPC-Shaun

    JPC-Shaun Well-Known Member

    Joined:
    Oct 29, 2008
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Hi;

    Make sure that the CpHulk is enabled and properly configured.

    Enabling cPHulk is pretty easy. Simply log into your WHM control panel as root. From the main menu on the left, click on Security Center from the Security section.

    Click on the cPHulk Brute Force Detection link at the top of the page. Now you may want to configure cPHulk before you enable it. The configuration parameters are pretty much self-explanatory so I won’t go into details about this. Basically you set the number of failed attempts before an IP or an account is blocked and you set how long you want it to be blocked. Make sure you have configured the options properly here.

    When you’re done, simply click on the Enable button at the top.
     
  3. santrix

    santrix Well-Known Member

    Joined:
    Nov 30, 2008
    Messages:
    223
    Likes Received:
    2
    Trophy Points:
    18
    Thanks Shaun, but CPHulk is definitely enabled (as far as the WHM control panel pages are concerned)... It's also managed to lock me out in the past, so I am confident the service is running.

    IP Based Brute Force Protection Period in minutes:15
    Brute Force Protection Period in minutes:10
    Maximum Failures By Account:15
    Maximum Failures Per IP:5
    Maximum Failures Per IP:30
    Extend account lockout time upon additional authentication failures:no
    Send notification when brute force user is detected:yes

    I'm concerned that the log was so full of these messages, despite CPHulk was running, and that CPHulk has not recorded any failed login attempts.

    Has CPHulk ignores the logins because they were aimed at user "tsinternetuser", which obviously doesn't exist on a linux box?
     
  4. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
Loading...

Share This Page