Forums
Forums

Quick Links
- Search Forums
- New Posts
Search titles only

Posted by Member:

Separate names with a comma.

Newer Than:

Search this thread only

Search this forum only

Display results as threads

More...

Useful Searches

Recent Posts
Resources
Resources

Quick Links
Feature Requests
Defects
Menu

This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPHulk vs. CSF

Discussion in 'Security' started by shacker23, Nov 1, 2011.

shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

We've always run ConfigServer's excellent CSF on our cPanel servers, with great results. However, we use it in a fairly basic way, without too much advanced configuration. Brute force detection and blocking is our own main goal. A while back, cPanel introduced cPHulk, which seems to do the same thing but with far fewer configuration options.

We are now considering dropping CSF and running with just cPHulk. Has anyone gone through a similar conversion? Any regrets? Any gotchas we should aware of?

Thanks.

#1 shacker23, Nov 1, 2011
cwalke32477 Well-Known Member

Joined:

Mar 2, 2010

Messages:

94

Likes Received:

0

Trophy Points:

56

Location:

Atlanta, Georgia

cPanel Access Level:

Root Administrator

You may want to look into the more advanced options of CSF.
It's way more powerful than cphulk. You can also use the two side by side.

Chris Walker
http://www.siterack.net
Reseller Hosting - HostReady® VPS Servers - Dedicated Servers

#2 cwalke32477, Nov 1, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

Sorry, I should clarify. We've used CSF for years but have never had a need for the more advanced features. Basically we use it for auto-blocking, whitelisting and blacklisting. And cPHulk provides all of that. Now we have a situation where CSF is making things a bit tricky, and we'd prefer a simpler solution, so we're considering no longer using both, and going with cPHulk only. I should have phrased the question like this: Will we lose any level of security by stopping CSF and using cPHulk only. Since the cPHulk is the "official" solution, I'd like to hope it's considered by cPanel to be very secure.

To confirm, both tools simply manipulate iptables based on bad behavior, right? It's not like they're using totally different baseline techniques...

#3 shacker23, Nov 2, 2011
LaceHost-Ishan Active Member

Joined:

Dec 6, 2008

Messages:

32

Likes Received:

0

Trophy Points:

56

Location:

Pune, India

cPanel Access Level:

DataCenter Provider

cPHulk is only Brute Force detection/failed login blocking , whereas a Firewall or a security solution (CSF) includes a lot more.

If you are interested in only auto-blocking, cPhulk is good, but a properly configured firewall is a must for security.

What if you get an apache ddos attack? CSF will help you mitigate it, but cPHulk won't. cPHulk is good at what it does, but it cannot replace an entire security solution.

CentralCP - Central cPanel/WHM Management - FREE
LeapSwitch Networks - Managed VPS, Dedicated Servers & Colocation
LaceHost Web Hosting Solutions

#4 LaceHost-Ishan, Nov 2, 2011
cPanelTristan Quality Assurance Analyst
Staff Member

Joined:

Oct 2, 2010

Messages:

7,622

Likes Received:

24

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator

cPHulk uses a MySQL database that does not use iptables in the manner CSF is using. It is more intensive to block using cPHulk due to the fact it blocks based on logging authentications to a MySQL database and then determining actions based on it. It is actually more streamlined and easier to manage CSF / LFD due to it dealing directly with iptables via flat files.

If you want a simpler solution, you should simply deal with iptables directly, since iptables would then cut out any overhead in using another product layer on top of it. You can add your own entries into iptables and block based on number of login attempts within a set timeframe. There are sites discussing how to do this:

http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/
http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

The examples are for SSH, but you can use it for any port that you want to restrict the number of login attempts in a set time period.

cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

#5 cPanelTristan, Nov 2, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

Many thanks Tristan and Lace - exactly the kind of info we were looking for. I didn't realize they were fundamentally different in approach - assumed cPHulk was just a stripped down firewall, but apparently not. In this case, we'll keep CSF and dig deeper into configuring it for the weird use case we've got here.

#6 shacker23, Nov 2, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

By the way, I would suggest that cPanel should say in big bold letters in the cPHulk documentation:

Use cPHulk for Brute Force Protection

Note: cPHulk is NOT a firewall product, and should not be used in lieu of a full-featured firewall. cPHulk is fully compatible with popular cPanel firewall systems.

In fact, it would be good to put words to that effect directly into the cPHulk UI in WHM. I wonder how many hosts out there are running cPHulk alone, mistakenly thinking that it provides DDoS and other protections.

#7 shacker23, Nov 2, 2011
cPanelTristan Quality Assurance Analyst
Staff Member

Joined:

Oct 2, 2010

Messages:

7,622

Likes Received:

24

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator

Hello shacker23,

If you would like the wording changed in our documentation, you may wish to submit a feature request for that change to this location:

http://go.cpanel.net/iwant

Thanks!

cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

#8 cPanelTristan, Nov 4, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

Good suggestion - done!

#9 shacker23, Nov 4, 2011
anton_latvia Well-Known Member
PartnerNOC

Joined:

May 11, 2004

Messages:

354

Likes Received:

3

Trophy Points:

168

Location:

Latvia

cPanel Access Level:

Root Administrator

Hm.. I might have misunderstood cpHulk or at least had bad experience when it was first introduced. Since that we liked and used CSF with cpHulk disabled. But there is one issue with CSF/LFD. CPU usage. For unknown reason. Probably it is reparsing log files or something like that. I liked approach of cpHulk to use MySQL to store each login attempt. But still CSF/LFD has more wider list of options. Can anyone suggest how to use both products (if this is a good idea) or which of their functions overlaps?

Anton.

* hosting.guru - custom solutions and expert help. 15+ year experience online.
* Wordpress login protection with .htaccess - simple, fast and powerful plugin to protect your Wordpress installation

#10 anton_latvia, Nov 8, 2011

(You must log in or sign up to post here.)

Loading...

Similar Threads - cPHulk

SOLVED cphulkd much too agressive

Lethe, Jun 17, 2017 at 12:07 PM, in forum: Security

Replies:

4

Views:

64

Lethe

Jun 19, 2017 at 7:27 PM
cPHulk blocking issue

warrenceoo, May 31, 2017, in forum: E-mail Discussions

Replies:

1

Views:

56

cPanelMichael

May 31, 2017
SOLVED cPHulk auto add IP to blacklist

salfredogonzalez, May 17, 2017, in forum: Security

Replies:

2

Views:

116

salfredogonzalez

May 22, 2017
cpHulk SMS notifications stopped

Leo Butler, May 12, 2017, in forum: Security

Replies:

4

Views:

93

cPanelMichael

May 25, 2017
SOLVED cphulkd service is down

ddaddy, May 9, 2017, in forum: General Discussion

Replies:

4

Views:

206

cPanelMichael

May 24, 2017

Share This Page