cPHulk Questions

[Zardiw]

Regarding the Detection Period and the Block Period.

Be nice if there was an explanation of the advantages of values in these fields. .....Also, they should be split into 2 fields. i.e. The detection period, and the block period.

And the ability to permanently add IP's blocked to the firewall....i.e. IPTables.

How does values in the detection period affect protection?....i.e. What is the practical difference between having a short vs long detection period?

Z

 

[cPRex]

Hey there! Can you let me know what you mean by detection period? The only "detect" I see on the page is the very last option of "Send a notification when the system detects a brute force user" but I don't think that's what you're referring to.

As for the firewall block, this option is already present under the "IP address based protection" and "One day blocks" section:

"Block IP addresses at the firewall level if they trigger brute force protection"
"Block IP addresses at the firewall level if they trigger a one-day block"

Is that not what you were looking to happen or were you looking for something else related to the firewall?

 

[Zardiw]

Sorry.....I guess what I meant is the 'Brute Force Protection Period'.........no idea what that is.

Also the 'IP Address-Based Protection Period'.

And it doesn't give you the option for how LONG they are blocked.......at the Firewall level.

The one-day block is built in...........I'd like to be able to make it 6 MONTHS.......lol.....or PERMANENT.

Also this is only for attempted logins.............

What would be nice if it could be added to block based on 404 errors..........when guys try to hack pages that don't exist.....

Bottom Line: cPHulk could use an upgrade with more options.....and be more powerful.

If anybody wants to get depressed.........go look at your Errors Log.......it is INSANE how much attempted hacking goes on.....just NUTS.

If cPHulk could be made more automatic.....we could eliminate a lot of this.......

Also, what would be nice is if EVERYBODY could add to a Database of IP's that are hacking......to where cPHulk picks up the new ones daily.........that way we could eliminate a lot of these Aholes....

Z

 

[Zardiw]

Also I know it sends us an EMail when it blocks somebody..........with links to block at the /24 /16 levels.........would be nice if we had an option that automatically blocks at various levels ........... /16 /24, etc.
I usually block at the /8 level.......for instance
Here's 2 of MANY that I block at the .htaccess level on sites:
1.0.0.0/8 and 20.0.0.0/8 .........which blocks 1.0.0.0 to 1.255.255.255 and 20.0.0.0 to 20.255.255.255...

Using /16, you can block say 1.24.0.0/16 ..... which would block, 1.24.0.0 to 1.24.255.255 ....that way you block an entire range.

I actually block MOST of the world........it's infested with hackers.........

Z

 

[cPRex]

@Zardiw - most of what you're looking for there sounds like it would be new features we'd need to add to cPHulk. Could you use the link in my signature to get one (or multiple) opened and then I can have the developers review those?