SOLVED cPHulk Brute Force Protection - What are the Blacklist Options?

LordLiverpool

Well-Known Member
Dec 27, 2014
60
12
58
cPanel Access Level
Root Administrator
Hello cPanel

When someone tries a Brute Force Attack on my server I get an email to say they've been temporarily blocked, in accordance with my cPHulk settings. I'm given the 4 choices of permanently adding the IP address to a Whitelist/Blacklist? (Blacklist of course!!!)
  1. Block just the offending IP address e.g. 255.255.255.1
  2. Block the offending IP address and the adjacent ones in its immediate range e.g. 255.255.255.0 to 255.255.255.255
  3. Block with a /24 on the end, this seems to do the same as Option 2.
  4. Block with a /16 on the end, this seems to do the same as Option 2.
Can someone please clarify exactly what the /24 and /16 options do? Surely they do something different?!?

I've tried Googling for an answer but haven't found anything clear.

(See Image Attached)

Thanks in advance.

01 Brute Force.PNG
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463

LordLiverpool

Well-Known Member
Dec 27, 2014
60
12
58
cPanel Access Level
Root Administrator
@cPanelMichael

Thanks for replying. I've read those links, thanks very much.

So this is my fresh understanding, please confirm if I'm correct or not.

CIDR.JPG

Each option would appear to progressively block larger numbers of IP addresses from 1 up to 65536 addresses.

If I’ve understood CIDR correctly; then what is the difference between Option 2 (IANA Netblock) and Option 3 (/24) ?

I ask myself; surely I must be wrong because why would cPanel offer two options that did the same thing?

Am I missing something? If I've misunderstood please set me straight, I’d really appreciate it.

Best Regards
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello,

It's possible the IANA Netblock will match the /16 class in some cases, however it doesn't always match because IANA Netblocks will differ depending on the specific network. Thus, we provide the IANA Netblock value as a convenience for administrators, even if it sometimes matches one of the other options.

Thank you.