The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED cPHulk Brute Force Protection - What are the Blacklist Options?

Discussion in 'Security' started by LordLiverpool, Jan 6, 2017.

Tags:
  1. LordLiverpool

    LordLiverpool Active Member

    Joined:
    Dec 27, 2014
    Messages:
    44
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello cPanel

    When someone tries a Brute Force Attack on my server I get an email to say they've been temporarily blocked, in accordance with my cPHulk settings. I'm given the 4 choices of permanently adding the IP address to a Whitelist/Blacklist? (Blacklist of course!!!)
    1. Block just the offending IP address e.g. 255.255.255.1
    2. Block the offending IP address and the adjacent ones in its immediate range e.g. 255.255.255.0 to 255.255.255.255
    3. Block with a /24 on the end, this seems to do the same as Option 2.
    4. Block with a /16 on the end, this seems to do the same as Option 2.
    Can someone please clarify exactly what the /24 and /16 options do? Surely they do something different?!?

    I've tried Googling for an answer but haven't found anything clear.

    (See Image Attached)

    Thanks in advance.

    01 Brute Force.PNG
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. LordLiverpool

    LordLiverpool Active Member

    Joined:
    Dec 27, 2014
    Messages:
    44
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    @cPanelMichael

    Thanks for replying. I've read those links, thanks very much.

    So this is my fresh understanding, please confirm if I'm correct or not.

    CIDR.JPG

    Each option would appear to progressively block larger numbers of IP addresses from 1 up to 65536 addresses.

    If I’ve understood CIDR correctly; then what is the difference between Option 2 (IANA Netblock) and Option 3 (/24) ?

    I ask myself; surely I must be wrong because why would cPanel offer two options that did the same thing?

    Am I missing something? If I've misunderstood please set me straight, I’d really appreciate it.

    Best Regards
     
    #3 LordLiverpool, Jan 27, 2017
    Last edited: Jan 27, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's possible the IANA Netblock will match the /16 class in some cases, however it doesn't always match because IANA Netblocks will differ depending on the specific network. Thus, we provide the IANA Netblock value as a convenience for administrators, even if it sometimes matches one of the other options.

    Thank you.
     
  5. LordLiverpool

    LordLiverpool Active Member

    Joined:
    Dec 27, 2014
    Messages:
    44
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    @cPanelMichael.

    Thanks for the clarification, it's appreciated.

    Best Regards.
     
    cPanelMichael likes this.
Loading...

Share This Page