The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPHulk Use and Blacklist options

Discussion in 'Security' started by The_Hawk, Nov 28, 2013.

  1. The_Hawk

    The_Hawk Registered

    Nov 28, 2013
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Website Owner
    This is going to take a little explaining, but I'll do my best and I hope you stick with me.

    I am somewhat new to this and turned on the "Send notification when brute force user is detected" option and started seeing lots of failed attempts.

    The first question I have is; how big a deal is number of failed attempts? Should I be blacklisting them or not?


    On the assumption I should I went all out and blacklisted all ranges:
    (excluding the range my IP was in, ie if my IP is I left the range out of the black list).

    Then whitelisted my own static public IP of

    So 99% of the failed attempt notifications went away and I started to get the occasional hit from things like 123.1.x.x etc etc so started blacklisting the smaller CIDR ranges of as they popped up.

    So I ended up with about 250 odd entries in the blacklist.

    But... That's all well and good when I'm in the office with a static IP, but not so useful when I'm on the road with my mobile internet connection in a different dynamic range.

    So I've managed to track down a somewhat accurate listing of the IP pools that my ISP uses for the mobile connections. The plan was to remove these from the black list (but not add them to the white list). That way I get notified if they are used but I'm not specifically white listing them....

    With me so far??

    If the pool of potential IP's are a series of /16 ranges and I want to tighten the blacklist I could add back in the bits out of the range.

    ie if the carriers range if I could then add

    to the blacklist.

    So I've put together this list and I now have a shade over 2,200 entries for the black list. Is this too many things to put into the black list?

    How many items is too many in the blacklist?
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    The additional entries added to the black or white list for cPhulkd is not really going to alter performance. Note that if you are the only person accessing your server, you may find the following option more useful for completely blocking access to services:

    Host Access Control

    Thank you.

Share This Page