cPHulk protection types

swbrains

Well-Known Member
Sep 13, 2006
207
28
178
Hi, I'm getting confused about the two types of protection options available in cPHulk: username-based and IP address-based.

I've read the doc page for this but it's a bit unclear to me as it self-references a bit. :) In the section about username-based protection, it says:
"Username-based Protection — Whether to enable the username-based protection settings. Set the toggle to On to enable the Username-based Protection setting. Username-based protection tracks login attempts for user accounts."

Does this mean that this option tracks login attempts based solely on the user name entered (or email address for webmail)? That is, if anyone on the internet tries to log into this account and fails "x" times, it will lock down that account from allowing *anyone* to log into it, including the valid owner? If this is the case, would that not allow hackers to effectively lock out the valid owner of the account by continuously attempting failed logins for that user ID?

For this reason, I'm thinking I only want to enable the IP address-based protection, but I don't want to disable a valuable protection if I'm not understanding it properly. My particular case is a webmail account that a user is getting locked out of, but is able to log into some of the time. Other times, they get the "The login is invalid" error message even though they repeatedly enter the correct username and password. I've checked the server logs and it shows blocking due to multiple failed attempts, so I'm wondering if this protection option is counting someone else's earlier failed attempts and locking the valid owner out of their own account.

Thanks in advance for any clarification you can provide...
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
You've got the right of it. It blocks based off of username attempts not IP. It's a bit more complicated but very well explained here: cPHulk Brute Force Protection | cPanel & WHM Documentation

In most cases, I only enable IP based protection as well and have no issues with this but it is something you should evaluate based on your needs and what works for you.
 

swbrains

Well-Known Member
Sep 13, 2006
207
28
178
Thanks. That was the help page I was confused by. ;) But thank you for verifying my understanding. That will help me decide how I want to set up cPHulk for my cusotmers.
 
  • Like
Reactions: cPanelLauren