cPHulk - Maximum Failures before IP blocked for two weeks - what period?

C

cpangs

Registered
Aug 30, 2014
2
0
1
cPanel Access Level
Root Administrator
The main question in the post

cPHulk - Maximum Failures before IP blocked for two weeks - what period??

was never answered, so this is a kick to stimulate that. I'll add the following sub-question: Do those rules apply to explicitly whitelisted IP addresses? Here is the text from the unanswered part of original post:

In cPHulk, there is the option that says:

"Maximum Failures Per IP before IP is blocked for two week period"

However, it doesn't say over what period the "Maximum Failures" are calculated

For instance, is it calculated over a period such as:

1. per day
2. per week
3. per month
4. per year
5. forever, the life of the WHM account

When does the clock start and stop for accumulating the "Maximum Failures Per IP" before you're blocked for 2 weeks?

What if I set the number of times to be 15, then what if I have the WHM account for, say, 15 years, and I mess up the passwrd once per year? Would I then not be able to login starting in the 16th year?
Click to expand...
(The very last question is particularly well put.)
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello :)

This is answered in our documentation:

cPHulk Brute Force Detection

In particular, this part answers your questions:

Enter the number of minutes in which cPHulk measures an attacker's log in attempts in the IP Based Brute Force Protection Period in minutes text box. If an attacker at a specific IP address attempts to log in repeatedly, they will reach the defined number of login attempts within this configured time. cPHulk will consider this a brute force attempt, and will block the attacker's IP address.

Enter the number of minutes over which cPHulk measures all login attempts to a specific user's account in the Brute Force Protection Period in minutes text box. If several potential attackers attempt to log in and reach that account's defined number of login attempts within this configured time, regardless of IP address, cPHulk will consider this a brute force attempt. All IP addresses will no longer be able to log in to the cPanel user's account. In addition, cPHulk will lock the cPanel user's account.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
F cPHulk - Blacklisted IPs Still Appear In The One-Day Blocks History Report Security 2
B Server's own IP in cpHulk reporting system cpaneld auth failure? Security 13
F cPHulk help newbie Apply protection to local and remote addresses Security 2
R SOLVED [CPANEL-25503] cPHulk is one-day blocking whitelisted address for maximum failed authentications Security 6
S cPHulk - Maximum Failures before IP blocked for two weeks - what period?? Security 1
Similar threads
cPHulk - Blacklisted IPs Still Appear In The One-Day Blocks History Report
Server's own IP in cpHulk reporting system cpaneld auth failure?
cPHulk help newbie Apply protection to local and remote addresses
SOLVED [CPANEL-25503] cPHulk is one-day blocking whitelisted address for maximum failed authentications
cPHulk - Maximum Failures before IP blocked for two weeks - what period??
Top Bottom