cPHulk - Maximum Failures before IP blocked for two weeks - what period?

cpangs

Registered
Aug 30, 2014
2
0
1
cPanel Access Level
Root Administrator
The main question in the post

cPHulk - Maximum Failures before IP blocked for two weeks - what period??

was never answered, so this is a kick to stimulate that. I'll add the following sub-question: Do those rules apply to explicitly whitelisted IP addresses? Here is the text from the unanswered part of original post:

In cPHulk, there is the option that says:

"Maximum Failures Per IP before IP is blocked for two week period"

However, it doesn't say over what period the "Maximum Failures" are calculated

For instance, is it calculated over a period such as:

1. per day
2. per week
3. per month
4. per year
5. forever, the life of the WHM account

When does the clock start and stop for accumulating the "Maximum Failures Per IP" before you're blocked for 2 weeks?

What if I set the number of times to be 15, then what if I have the WHM account for, say, 15 years, and I mess up the passwrd once per year? Would I then not be able to login starting in the 16th year?
(The very last question is particularly well put.)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello :)

This is answered in our documentation:

cPHulk Brute Force Detection

In particular, this part answers your questions:

Enter the number of minutes in which cPHulk measures an attacker's log in attempts in the IP Based Brute Force Protection Period in minutes text box. If an attacker at a specific IP address attempts to log in repeatedly, they will reach the defined number of login attempts within this configured time. cPHulk will consider this a brute force attempt, and will block the attacker's IP address.

Enter the number of minutes over which cPHulk measures all login attempts to a specific user's account in the Brute Force Protection Period in minutes text box. If several potential attackers attempt to log in and reach that account's defined number of login attempts within this configured time, regardless of IP address, cPHulk will consider this a brute force attempt. All IP addresses will no longer be able to log in to the cPanel user's account. In addition, cPHulk will lock the cPanel user's account.

Thank you.