ManuelT

Well-Known Member
Sep 30, 2005
55
0
156
I've just enabled a cPHulk as I'm getting quite a few brute force attacks however it doesn't seem to be working.

It catches people at the right time, it emails me to let me know it's caught someone and if I want to whitelist/blacklist them, it lists them under history report but when checking the log 20,000 attempts from the same IP!

Is there something else I need to enable?
 

Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter

NetMantis

BANNED
Apr 22, 2012
116
1
66
Utah
cPanel Access Level
DataCenter Provider
Honestly, I really can't comment on that one.

I absolutely hate and despise CpHulk and it is the very first thing I turn off and disable on all new Cpanel servers because it still, even today, remains very buggy and unreliable and often causes more problems than it helps with security and brute force attack situations.

I prefer to rely instead on those same features in ConfigServer's CSF Firewall (and LFD) instead of CpHulk.
 

NixTree

Well-Known Member
Aug 19, 2010
413
5
143
Gods Own Country
cPanel Access Level
Root Administrator
Twitter
Honestly, I really can't comment on that one.

I absolutely hate and despise CpHulk and it is the very first thing I turn off and disable on all new Cpanel servers because it still, even today, remains very buggy and unreliable and often causes more problems than it helps with security and brute force attack situations.

I prefer to rely instead on those same features in ConfigServer's CSF Firewall (and LFD) instead of CpHulk.
Yes, I agree with Netmantis..use CSF and turn off cphulkd.
 

ManuelT

Well-Known Member
Sep 30, 2005
55
0
156
Does seem very much like it doesn't work (very well) and they can't be bothered to fix it. Thanks for the advice I'll take a look at CSF.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
If cPHulk Brute Force Protection isn't working properly, it is always best to open up a ticket for us to see why it isn't working. The forum is not a replacement for on server troubleshooting of services we provide not functioning. We cannot fix what we have no access to investigate.
 

ManuelT

Well-Known Member
Sep 30, 2005
55
0
156
To try and avoid loads more threads on the same subject I'll post the results of my ticket.

cPHulk is a PAM module and blocks people via PAM so that even if they guess the correct password they are prevented gaining access. Due to this it will not affect the log files at all.

I hope that this infomation helps someone.
 

nibb

Well-Known Member
Mar 22, 2008
319
5
68
Did someone noticed that the latest update 11.34 broke this again?

The brute force is working, but the IP 2 week locking is not. You have to set the IP timeout lower than the account to work, then it blocks attempts for 2 weeks but of course it invalids the account lockout time as they are directly blocked for 2 weeks.

I also noticed the Access Host list restriction is not working either anymore. If you happen to have SSH or any other services restricted by IPs, this is not working. I saw a huge increase on port 22 attempts since the upgrade as its not disconnecting users anymore as it should.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Hello nibb,

You've been a member of the forum for some time now. As has been noted several times, please submit a ticket if you believe something isn't working properly and might be a bug.

Thanks!