SOLVED cphulk - period - protection or detection ?

[ottdev]

Please clarify this contradiction:
cPHulk Brute Force Protection - Version 70 Documentation - cPanel Documentation

Brute Force Protection Period (in minutes): The number of minutes for which cPHulk blocks all login attempts on a specific user's account

This sounds like it's a PROTECTION period (as labeled). i.e. how long the block will last.

Maximum Failures by Account: The maximum number of failures that cPHulk allows per account within the Brute Force Protection Period (in minutes) time range. cPHulk locks the account for one minute for each attempt that you allow with this setting. For example, if you set the Maximum Failures by Account setting to 15, after 15 login attempts cPHulk locks the account for 15 minutes.

"failures...within the Brute Force Protection Period" <= Now it sounds like this is a DETECTION period instead.
"cPHulk locks the account for one minute for each attempt that you allow" <= and the number of failures is also used as the PROTECTION blocking minutes.

Which is it? if I set 15 and 25 in these 2 boxes, is it
25 failures within 15 minutes locks the user account for 25 minutes
25 failures within 15 minutes locks the user account for 15 minutes

i.e. the top box is both detection and protection period
or the top box is detection only and bottom is failures and protection period

 

[cPanelMichael]

Hello,

Think of it in terms of "how many failed login attempts" are allowed in a specific "time frame". Let's say you use these settings:

Brute Force Protection Period (in minutes) - 15
Maximum Failures by Account - 25

If 25 login failures occur for an account within a 15-minute window of time, then the account is locked. The number of minutes the account is locked corresponds to the Maximum Failures by Account setting. If it's set to 25, then the account is locked for 25 minutes.

Thank you.

 

[ottdev]

Thank you. so this statement in the docs in indeed INCORRECT: "Brute Force Protection Period (in minutes): The number of minutes for which cPHulk blocks all login attempts on a specific user's account"

 

[cPanelMichael]

Thank you. so this statement in the docs in indeed INCORRECT: "Brute Force Protection Period (in minutes): The number of minutes for which cPHulk blocks all login attempts on a specific user's account"

I've opened a case with our Documentation Team (DOC-10557) to have the description of this option updated. I'll update this thread once the change is published.

Thank you.

 

[cPanelMichael]

Hello,

The document is now updated with a more accurate description:

cPHulk Brute Force Protection - Version 70 Documentation - cPanel Documentation

Thanks!

 

[ottdev]

That is clear now. Thank you
HOWEVER ...
Further down the page you have the same incorrect? I suspect OLD verbiage for the other field.
I assume they both work the same way?

IP Address-based Brute Force Protection Period (in minutes)
The number of minutes during which cPHulk blocks an attacker's IP address.

 

[cPanelMichael]

Hello @ottdev,

I've opened internal case DOC-10624 for that particular part of the document. I'll update this thread again once the case is complete.

Thank you.

 

[cPanelMichael]

Hello,

The changes are now published.

Thanks!

 

[Zardiw]

Be nice if there was an explanation of the advantages of values in these fields. .....Also, they should be split into 2 fields. i.e. The detection period, and the block period.

And the ability to permanently add IP's blocked to the firewall....i.e. IPTables.

How does values in the detection period affect protection?....i.e. What is the practical difference between having a short vs long detection period?

Z

 

[cPRex]

@Zardiw - this thread is a few years old and the old documentation links are likely no longer accurate. Can you make a new post if you're seeing issues with the documentation so I can check that out?

 

[Zardiw]

Thank you for the response.......I have started a new thread: https://forums.cpanel.net/threads/cphulk-questions.701857/

Z