SOLVED cphulk firewall blocking duration

[chanklish]

hello awesome people
i am facing very large numbers of failed logins blocked by the CPhulk
most of the login are from spoofed emails ( which till now i dont have a solution for ) so mostly are not very dangerous
i receive around 50 login failure every hour - yet it is not blocking the ip of the failed logins
what can i do ?!

 

[chanklish]

how can i make CPHULK block the ip addresses ?!

 

[cPanelMichael]

Hello @chanklish,

I see you have Block IP addresses at the firewall level if they trigger brute force protection enabled, so the IP addresses should be blocked at the firewall level upon detection as a brute force attempt. Can you open a support ticket so we can take a closer look to see why that's not working? You can post the ticket number here and I'll link this thread to it.

Thank you.

 

[chanklish]

Hello @chanklish,

I see you have Block IP addresses at the firewall level if they trigger brute force protection enabled, so the IP addresses should be blocked at the firewall level upon detection as a brute force attempt. Can you open a support ticket so we can take a closer look to see why that's not working? You can post the ticket number here and I'll link this thread to it.

Thank you.

Ticket ID : 11778563

 

[cPanelMichael]

Hello,

To update, here's a summary of the response from one of our Technical Analysts on the support ticket:

This is happening because you have the cphulk protection set to only block failed logins for 5 minutes, and the one-day block is set to 10 failures. You can increase the protection time to allow for the firewall to continue to block the address for more than 5 minutes, or you can add this address to the blacklist to block it permanently. The temporary block is there to prevent flooding, and to allow legitimate users to correct their password authenticity, then login again at a later time without administrator intervention.

Thank you.