The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CPHulk not blocking attempted attackers as configured

Discussion in 'General Discussion' started by DeWebDude, Mar 30, 2012.

  1. DeWebDude

    DeWebDude Member

    Joined:
    Mar 6, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello All,

    I have enabled and configured CPHulk Brute Force Protection but it doesn't blacklist the offending IP's quickly or at all like the configuration I have put in.

    In order I have the options filled out:
    1440
    30
    4
    4
    30
    All Check box's are checked.

    I am expecting that after 4 failures the IP will be blacklisted, however I get email notification showing:
    /24: https://myserver.net:2087/cgi/bl.cgi?ip=218.244.245.0/24

    the email also shows other IP's with 16, 20, 30 failures and if I look at the blacklist on WHM it didn't add that IP to the blacklist.
    I do see some IP's it blacklisted, but many are not listed.

    I also see literally 100's of the below line from lastb:
    root ssh:notty 218.244.245.251 Fri Mar 30 07:08 - 07:08 (00:00)

    If I don't click on the link from the email to add it to the blacklist it's not happening.
    I am running WHM 11.32.2 (build 8) CENTOS 5.8 i686.

    Any suggestions appreciated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    cPHulk will not actually block IP addresses from accessing your server. Instead, it's used to prevent authentication to the services it monitors. You will need to use a firewall to actually block an IP address from your server.

    Thank you.
     
  3. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  4. linux7802

    linux7802 Well-Known Member

    Joined:
    Dec 14, 2007
    Messages:
    232
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello DeWebDude,

    The cPHulk is only disable the access for the respective service for a certain time period only but you will be able to access the other services without any problem therefore if you are using the cPHulk for security purpose then its always better, if you use the CSF firewall as it will provide you the good security as well as monitoring E-mail alerts for your server which will help you to secure the server.The csf firewall can be managed easily from the WHM once you installed CSF firewall from the shell. You can refer to the following URL for more information about CSF firewall.

    ConfigServer Scripts Forum • View forum - General Discussion (csf)
     
  5. DeWebDude

    DeWebDude Member

    Joined:
    Mar 6, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    That makes sense, thanks for the help!
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If you would like, you could use WHM > Host Access Control to block any IPs but those you allow from accessing sshd, whostmgrd and several other services. Please see our documentation on that area:

    Host Access Control

    If you do not wish to use a separate, unsupported firewall application such as CSF or APF for some reason, Host Access Control is the supported method to go for blocking IPs from hitting set services other than those IPs that you specifically whitelist.
     
Loading...

Share This Page