The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPHulk Brute Force Protection

Discussion in 'General Discussion' started by Flatliner, Mar 3, 2007.

  1. Flatliner

    Flatliner Registered

    Joined:
    Sep 12, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Can anyone advise me with these settings please? Should I enable/Disable?

    IP Based Brute Force Protection Period in minutes: Brute Force Protection Period in minutes: Maximum Failures By Account: Maximum Failures Per IP: Maximum Failures Per IP before IP is blocked for two week period: Extend account lockout time upon additional authentication failures:
     
  2. Flatliner

    Flatliner Registered

    Joined:
    Sep 12, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Anyone know anything about cPHulk Brute Force Protection ? Anyone using it?
     
  3. Flatliner

    Flatliner Registered

    Joined:
    Sep 12, 2005
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    It is in my whm panel Security Center Section. I am running WHM 11
     
  4. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Never heard about "cPHulk Brute Force Protection" .... but it's not only me, neither google does ....

    Do you have any link where we may found it?
     
  5. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Yeap, it's in the changelog,

    Seems that will need to wait for someone from cpanel to explain this new feature.
    Maybe Chirpy has news regarding this, as he developed the csf.
     
  6. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    I dont' see how Chripy will know more than anyone else after using it or reading the change log. He's not a cPanel developer ;)

    It sounds like a service daemon which actively monitors failed logins.
     
  7. sampride

    sampride Member

    Joined:
    Jul 8, 2005
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    From the chagelog it said:
    "Added cphulkd, the cPanel Brute Force Protection service. This service monitors failed authentication attempts and locks out accounts after the threshold is met."
     
  8. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Test server using Edge, Security Center shows:


    Log apparently is in: /usr/local/cpanel/logs/cphulkd_errors.log
    Daemon is: /usr/local/cpanel/cphulkd.pl
     
    #8 ramprage, Mar 26, 2007
    Last edited: Mar 26, 2007
  9. norelidd

    norelidd Well-Known Member

    Joined:
    Jan 15, 2007
    Messages:
    173
    Likes Received:
    1
    Trophy Points:
    18
    Does cphulkd replace csf/lfd or does it augment it? How should we have the two set up, or do we choose one over the other?
     
  10. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It uses a different method/measure for blocking. It's another layer of security and should live happily with csf+lfd.
     
  11. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    it does live happily with csf + lfd :D
     
  12. Kelmas

    Kelmas Well-Known Member

    Joined:
    Nov 6, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    Very nice tool, have it enabled :)
     
  13. Mindlash

    Mindlash Well-Known Member

    Joined:
    Jul 7, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    I've been using it for a little over a week now.

    Had one client call me about being 'locked out' -- but then they realized it was their fault -- and I simply said "It's an added measure of security" which they quickly appreciated.

    At any rate... my log file is filled with hundreds/thousands of simliar lines:

    Timeout while waiting for response at /usr/local/cpanel/Cpanel/Hulkd.pm line 182, <GEN102589> line 2.
    Timeout while waiting for response at /usr/local/cpanel/Cpanel/Hulkd.pm line 182, <GEN102640> line 2.
    Timeout while waiting for response at /usr/local/cpanel/Cpanel/Hulkd.pm line 182, <GEN102691> line 2.
    Timeout while waiting for response at /usr/local/cpanel/Cpanel/Hulkd.pm line 182, <GEN102726> line 2.
    Timeout while waiting for response at /usr/local/cpanel/Cpanel/Hulkd.pm line 182, <GEN102759> line 2.
    Timeout while waiting for response at /usr/local/cpanel/Cpanel/Hulkd.pm line 182, <GEN102790> line 2.


    Thoughts?
     
  14. brendanrtg

    brendanrtg Well-Known Member

    Joined:
    Oct 4, 2006
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Since most of us already have csf + lfd installed, why the need for CPHulk when its basically doing the same thing?

    Wont this slow the server down?
    :confused:
     
  15. Un Area

    Un Area Well-Known Member

    Joined:
    Nov 16, 2006
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    well if you dont use csf lfd the tool is handy anyways.
     
  16. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's a different layer of security. Most of the effort is duplicated if you also use lfd, but there's no particular harm in running both to improve overall security, except for the additional work in tracking down where/how a particular IP is blocked.
     
  17. Rogers

    Rogers Registered

    Joined:
    Feb 18, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Europe
    I've just enabled cPHulk about half an hour ago as there is an ongoing brute force attack on my host's ftp port and I just noticed this new feature.

    However I'm not sure it's working as I see nothing in the logs on the "Configure cPHulk" page in WHM and the brute force detection software running on my server keeps warning me every 10 mins that it's still ongoing.

    Doing "ps aux" seems to suggest the cPhulkd service is running.
     
  18. jmcole

    jmcole Active Member

    Joined:
    Aug 17, 2004
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    We are seeing the same errors, any ideas cPanel staff or forum experts? Thanks!
     
  19. JonMcD

    JonMcD Registered

    Joined:
    Aug 23, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Bump ... I'm seeing the same Hulkd.pm timeout messages
     
  20. ToddShipway

    ToddShipway Well-Known Member

    Joined:
    Nov 13, 2006
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    When cPHulkd is enabled, it enables a PAM module which monitors pam authentication for brute force attacks. It watches and protects all services using pam authentication.

    I believe this issue was resolved in the latest RELEASE update 8/8. "Fix problem where cphulkd would not respond to internal process control (cpkuld --stop)" (http://changelog.cpanel.net/)

    What logs are you seeing these errors in? What OS and cPanel version are you running. I've checked on a couple test servers and haven't seen these errors. Are you receiving the errors when a brute force attack is occurring?
     
    #20 ToddShipway, Aug 9, 2007
    Last edited: Aug 9, 2007
Loading...

Share This Page