cPHulk Brute Force Protection CANNOT protect Large Number of Failed Login Attempts

natong

Well-Known Member
May 17, 2008
I got 100 mail notifications about failed login attempts to accounts.

It didn't ban the IP.
 

inanna

Member
Jul 28, 2003
I am having the same problem, but thousands of attempts with no blocking. I am having to manually block.
 

outofoptions

Member
Sep 23, 2004
Not sure, but.....

Am I reading this wrong or are these all within about 10/11 seconds' time? It may take a little longer for the system to get the block in place?
 

taproot

Well-Known Member
Aug 22, 2008
I have mine set to suspend people for 10 minutes after 5 login failures, but since the update I am seeing the same thing. I'll see 25 attempts in 2 minutes so it does not appear to be suspending them after 5 attempts, and I had one IP try over 100 attempts before I blocked it manually at the firewall. Anyone know what's up with cPHulk? It was working before the update, I wonder if something changed?
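
One way to check from the logs whether a lockout like the one described above (5 failures, 10-minute suspension) is actually being enforced. This is an added example, not part of any post in this thread and not cPanel code; the log line layout, the 10-minute counting window, the grace period and the function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, one failed login per line: "<date> <time> <source IP>".
# This is NOT cPHulk's real log format; adapt parse() to your own log source.
T0 = datetime(2011, 3, 1, 10, 0, 0)
SAMPLE = "\n".join(
    [f"{T0 + timedelta(seconds=5 * i)} 198.51.100.7" for i in range(25)]    # 25 failures in 2 min
    + [f"{T0 + timedelta(minutes=20 * i)} 203.0.113.9" for i in range(3)])  # slow, under threshold

def parse(text):
    """Yield (timestamp, ip) for each non-empty line of the assumed layout."""
    for line in text.splitlines():
        if line.strip():
            date, time, ip = line.split()
            yield datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), ip

def leaked_attempts(events, max_failures=5, block=timedelta(minutes=10),
                    window=timedelta(minutes=10), grace=timedelta(0)):
    """Count, per IP, failures logged while a block should have been active.

    An IP is considered blocked for `block` once it has `max_failures`
    failures inside `window` (the window length is an assumption). `grace`
    tolerates attempts that arrive just after the threshold is crossed,
    before the block could realistically be in place.
    """
    recent = defaultdict(deque)  # ip -> failure times inside the counting window
    blocked = {}                 # ip -> (block start, block end)
    leaked = defaultdict(int)
    for ts, ip in sorted(events):
        if ip in blocked:
            start, end = blocked[ip]
            if ts < end:
                if ts > start + grace:
                    leaked[ip] += 1      # attempt got through an expected block
                continue
            del blocked[ip]              # block expired, start counting again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:        # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[ip] = (ts, ts + block)
            q.clear()
    return dict(leaked)

if __name__ == "__main__":
    for ip, n in leaked_attempts(parse(SAMPLE), grace=timedelta(seconds=10)).items():
        print(f"{ip}: {n} failed logins recorded while a block was expected")
```

A non-empty result means failures kept being recorded for an IP that should already have been suspended, which is worth comparing against the firewall or service logs to see whether the attempts were really reaching the login service or only being reported.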
 

natong

Well-Known Member
May 17, 2008
Yes, the problem came after the update.

Anyone know what changed?

I got 200 email alerts every day.
 

kjg

Well-Known Member
Mar 2, 2004
We had the same problem and posted a ticket. The first-class support team of cPanel solved the issue after a while and the fix will be included in the next release according to them.
The protection seems to work OK, but you get a message for each (or x number of) attempts also after the IP is blocked.
 

komalselva

Member
Dec 17, 2010
Komal

I too get this type of mail from cPanel. Most of the attempts are from China and Indonesia. Here are the IPs, for example:

67.23.139.33 Reverse DNS: vz2-33.netfirms.com (China)
202.137.21.99 Reverse DNS: docsis1-99 (Indonesia)
 

LinuxTechie

Well-Known Member
Jan 22, 2011

Hello,

You can block the IPs using country code. The issue is that all the valid and invalid IPs of the countries specified in CSF will be blocked.

In Firewall configuration (CSF), scroll down to CC_DENY and add the country code which you need to block.

E.g.: Add CN for China in CC_DENY, that should block all IPs from China.