
cPHulk not working.

Discussion in 'Security' started by ManuelT, Jul 11, 2012.

  1. ManuelT

    ManuelT Well-Known Member

    I've just enabled cPHulk as I'm getting quite a few brute force attacks; however, it doesn't seem to be working.

    It catches people at the right time, it emails me to let me know it's caught someone and asks if I want to whitelist/blacklist them, and it lists them under the history report, but when checking the log there are 20,000 attempts from the same IP!

    Is there something else I need to enable?
     
  2. ManuelT

    ManuelT Well-Known Member

    No one?

    Not even a "sounds like it's broken, open a ticket"?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

  4. NetMantis

    NetMantis BANNED

    Honestly, I really can't comment on that one.

    I absolutely hate and despise cPHulk and it is the very first thing I turn off and disable on all new cPanel servers because it still, even today, remains very buggy and unreliable and often causes more problems than it helps with security and brute force attack situations.

    I prefer to rely on those same features in ConfigServer's CSF Firewall (and LFD) instead of cPHulk.
     
  5. NixTree

    NixTree Well-Known Member

    Yes, I agree with NetMantis. Use CSF and turn off cphulkd.
     
  6. ManuelT

    ManuelT Well-Known Member

    Does seem very much like it doesn't work (very well) and they can't be bothered to fix it. Thanks for the advice, I'll take a look at CSF.
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If cPHulk Brute Force Protection isn't working properly, it is always best to open up a ticket for us to see why it isn't working. The forum is not a replacement for on-server troubleshooting of services we provide that are not functioning. We cannot fix what we have no access to investigate.
     
  8. ManuelT

    ManuelT Well-Known Member

    To try and avoid loads more threads on the same subject I'll post the results of my ticket.

    cPHulk is a PAM module and blocks people via PAM so that even if they guess the correct password they are prevented from gaining access. Due to this, it will not affect the log files at all.

    I hope that this information helps someone.
     
  9. nibb

    nibb Well-Known Member

    Did someone notice that the latest update 11.34 broke this again?

    The brute force is working, but the IP 2 week locking is not. You have to set the IP timeout lower than the account for it to work, then it blocks attempts for 2 weeks, but of course it invalidates the account lockout time as they are directly blocked for 2 weeks.

    I also noticed the Access Host list restriction is not working anymore either. If you happen to have SSH or any other services restricted by IPs, this is not working. I saw a huge increase in port 22 attempts since the upgrade as it's not disconnecting users anymore as it should.
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Hello nibb,

    You've been a member of the forum for some time now. As has been noted several times, please submit a ticket if you believe something isn't working properly and might be a bug.

    Thanks!
     