cPHulk detection period

wanico

Member
Feb 27, 2012
10
0
51
cPanel Access Level
Root Administrator
Hi

Im trying to determine what the detection period is in CPHulk

We have a setup where after 10 incorrect logins a customer is blocked for x amount of time.
Is there a specific duration period in which the 10 incorrect login attempts must be recorded?


for example,
10 incorrect logins within 1 hour = blocked
10 incorrect logins within 10 hours = not blocked

or does it just block for x amount of time if a counter is equal to 10 regardless of the time period?


The documentation doesn't state this clearly Use cPHulk for Brute Force Protection

Thanks
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
25
143
Houston, TX
cPanel Access Level
Root Administrator
I looked this over with a member of our QA department and got some clarification about this.

The detection time is actually defined by these two settings in Main >> Security Center >> cPHulk Brute Force Protection:

  • IP Based Brute Force Protection Period in minutes
  • Brute Force Protection Period in minutes

The logic is, "If X number of failures occur within Y number of minutes, then consider it a brute-force attempt and lock out the IP address or account for Y number of minutes."

The documentation is correct in that these values determine how long an IP address or account will be locked out, but it does not specify that this is also the time period that is used to determine if failed log-ins reach the threshold to be considered a brute-force attempt.

I have submitted a case to try to have the documentation revised to clarify this. Thank you for bringing this to our attention, and I hope this helps you.