SOLVED cphulk - period - protection or detection ?

ottdev

Well-Known Member
Oct 1, 2013
133
5
68
cPanel Access Level
Root Administrator
Please clarify this contradiction:
cPHulk Brute Force Protection - Version 70 Documentation - cPanel Documentation

Brute Force Protection Period (in minutes): The number of minutes for which cPHulk blocks all login attempts on a specific user's account
This sounds like it's a PROTECTION period (as labeled). i.e. how long the block will last.

Maximum Failures by Account: The maximum number of failures that cPHulk allows per account within the Brute Force Protection Period (in minutes) time range. cPHulk locks the account for one minute for each attempt that you allow with this setting. For example, if you set the Maximum Failures by Account setting to 15, after 15 login attempts cPHulk locks the account for 15 minutes.
"failures...within the Brute Force Protection Period" <= Now it sounds like this is a DETECTION period instead.
"cPHulk locks the account for one minute for each attempt that you allow" <= and the number of failures is also used as the PROTECTION blocking minutes.

Which is it? if I set 15 and 25 in these 2 boxes, is it
25 failures within 15 minutes locks the user account for 25 minutes
25 failures within 15 minutes locks the user account for 15 minutes

i.e. the top box is both detection and protection period
or the top box is detection only and bottom is failures and protection period
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello,

Think of it in terms of "how many failed login attempts" are allowed in a specific "time frame". Let's say you use these settings:

Brute Force Protection Period (in minutes) - 15
Maximum Failures by Account
- 25

If 25 login failures occur for an account within a 15-minute window of time, then the account is locked. The number of minutes the account is locked corresponds to the Maximum Failures by Account setting. If it's set to 25, then the account is locked for 25 minutes.

Thank you.
 

ottdev

Well-Known Member
Oct 1, 2013
133
5
68
cPanel Access Level
Root Administrator
Thank you. so this statement in the docs in indeed INCORRECT: "Brute Force Protection Period (in minutes): The number of minutes for which cPHulk blocks all login attempts on a specific user's account"
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Thank you. so this statement in the docs in indeed INCORRECT: "Brute Force Protection Period (in minutes): The number of minutes for which cPHulk blocks all login attempts on a specific user's account"
I've opened a case with our Documentation Team (DOC-10557) to have the description of this option updated. I'll update this thread once the change is published.

Thank you.
 

ottdev

Well-Known Member
Oct 1, 2013
133
5
68
cPanel Access Level
Root Administrator
That is clear now. Thank you :)
HOWEVER ...
Further down the page you have the same incorrect? I suspect OLD verbiage for the other field.
I assume they both work the same way?

IP Address-based Brute Force Protection Period (in minutes)
The number of minutes during which cPHulk blocks an attacker's IP address.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello @ottdev,

I've opened internal case DOC-10624 for that particular part of the document. I'll update this thread again once the case is complete.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello,

The changes are now published.

Thanks!