SOLVED: cPHulk firewall blocking duration

chanklish

Well-Known Member
May 22, 2015
kinshasa
cPanel Access Level
Root Administrator
Hello awesome people,
I am facing very large numbers of failed logins blocked by cPHulk.
Most of the logins are from spoofed emails (which till now I don't have a solution for), so mostly they are not very dangerous.
I receive around 50 login failures every hour, yet it is not blocking the IP of the failed logins.
What can I do?!
 


cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
cPanel Access Level
DataCenter Provider
Hello @chanklish,

I see you have "Block IP addresses at the firewall level if they trigger brute force protection" enabled, so the IP addresses should be blocked at the firewall level upon detection as a brute force attempt. Can you open a support ticket so we can take a closer look to see why that's not working? You can post the ticket number here and I'll link this thread to it.

Thank you.
 

chanklish

Ticket ID: 11778563
 

cPanelMichael

Hello,

To update, here's a summary of the response from one of our Technical Analysts on the support ticket:

This is happening because you have the cPHulk protection set to only block failed logins for 5 minutes, and the one-day block is set to 10 failures. You can increase the protection time to allow for the firewall to continue to block the address for more than 5 minutes, or you can add this address to the blacklist to block it permanently. The temporary block is there to prevent flooding, and to allow legitimate users to correct their password authenticity, then log in again at a later time without administrator intervention.

Thank you.