The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPHulk Ban Questions

Discussion in 'Security' started by workingl, Nov 15, 2016.

Tags:
  1. workingl

    workingl Registered

    Joined:
    Nov 15, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    US
    cPanel Access Level:
    Website Owner
    I've got over a hundred login attempts on some IP's - but I thought I got cphulk set up to limit how many attempts before ban...

    I have Maximum Failures per IP Address in cphulk set to defualt: 5
    Maximum Failures per IP Address before the IP Address is Blocked for One Day: 30

    Typical in my login_log file is to see way more than 30 or 5 of the same lines:

    [2016-11-11 15:41:55 +0000] info [cpsrvd] 198.71.86.113 - [username] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN cpaneld: brute force attempt (user [username]) has locked out IP 198.71.86.113 (2)

    If they've been locked out trying to brute force with the same IP and [username] why isn't cphulk banning the ip?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @workingl,

    cPHulk will only block the IP address at the firewall level when the following option is enabled under "One-Day Blocks" or "IP Address-based Protection":

    "Block IP addresses at the firewall level if they trigger brute force protection"

    Note this option is not available on Virtuozzo environments. Documentation on cPHulk Brute Force Protection is available at:

    cPHulk Brute Force Protection - Documentation - cPanel Documentation

    Thank you.
     
Loading...

Share This Page