cPHulk detection period

Discussion in 'General Discussion' started by wanico, Aug 6, 2012.

  1. wanico

    wanico Member

    Hi

    I'm trying to determine what the detection period is in cPHulk.

    We have a setup where after 10 incorrect logins a customer is blocked for x amount of time.
    Is there a specific duration period in which the 10 incorrect login attempts must be recorded?


    For example,
    10 incorrect logins within 1 hour = blocked
    10 incorrect logins within 10 hours = not blocked

    Or does it just block for x amount of time if a counter is equal to 10 regardless of the time period?


    The documentation doesn't state this clearly: Use cPHulk for Brute Force Protection

    Thanks
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    I looked this over with a member of our QA department and got some clarification about this.

    The detection time is actually defined by these two settings in Main >> Security Center >> cPHulk Brute Force Protection:

    • IP Based Brute Force Protection Period in minutes
    • Brute Force Protection Period in minutes

    The logic is, "If X number of failures occur within Y number of minutes, then consider it a brute-force attempt and lock out the IP address or account for Y number of minutes."

    The documentation is correct in that these values determine how long an IP address or account will be locked out, but it does not specify that this is also the time period that is used to determine if failed log-ins reach the threshold to be considered a brute-force attempt.

    I have submitted a case to try to have the documentation revised to clarify this. Thank you for bringing this to our attention, and I hope this helps you.
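
The rule quoted in the reply above, modelled as an added example (not cPanel's code and not part of the original post). It assumes failures are counted in a sliding window of Y minutes, which the thread does not specify, and replays the two cases from the question with Y = 60; `LockoutModel` and `replay` are hypothetical names.

```python
from collections import deque


class LockoutModel:
    """Model of the stated rule: X failures within Y minutes locks for Y minutes.

    Assumption: failures are counted in a sliding window. The thread does not
    say how cPHulk counts them internally.
    """

    def __init__(self, max_failures, period_minutes):
        self.max_failures = max_failures
        self.period = period_minutes
        self.failures = deque()   # timestamps (in minutes) of recent failures
        self.locked_until = None

    def is_locked(self, now):
        return self.locked_until is not None and now < self.locked_until

    def record_failure(self, now):
        """Record a failed login at minute `now`; return True if locked out."""
        if self.is_locked(now):
            return True
        # Discard failures that have aged out of the detection window.
        while self.failures and now - self.failures[0] >= self.period:
            self.failures.popleft()
        self.failures.append(now)
        if len(self.failures) >= self.max_failures:
            # The same Y is reused as the lockout duration.
            self.locked_until = now + self.period
            self.failures.clear()
            return True
        return False


def replay(timestamps, max_failures=10, period_minutes=60):
    """Replay failure timestamps; return the minute the lockout began, or None."""
    model = LockoutModel(max_failures, period_minutes)
    for t in timestamps:
        if model.record_failure(t):
            return t
    return None


# Constructed inputs matching the question in the thread (Y = 60 minutes).
BURST = [i * 5 for i in range(10)]    # 10 failures inside 1 hour
SLOW = [i * 66 for i in range(10)]    # 10 failures spread over about 10 hours
```

Under this model `replay(BURST)` locks out on the tenth failure and `replay(SLOW)` never does, so attempts paced slower than X per Y minutes stay below the threshold regardless of their total count.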
     
  3. wanico

    wanico Member

    Hi Jared,

    That answers my question.
    Thanks
     