Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPHulk vs. CSF

Discussion in 'Security' started by shacker23, Nov 1, 2011.

  1. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    We've always run ConfigServer's excellent CSF on our cPanel servers, with great results. However, we use it in a fairly basic way, without too much advanced configuration. Brute force detection and blocking is our own main goal. A while back, cPanel introduced cPHulk, which seems to do the same thing but with far fewer configuration options.

    We are now considering dropping CSF and running with just cPHulk. Has anyone gone through a similar conversion? Any regrets? Any gotchas we should aware of?

    Thanks.
     
    #1 shacker23, Nov 1, 2011
  2. cwalke32477

    cwalke32477 Well-Known Member

    Joined:
    Mar 2, 2010
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    Atlanta, Georgia
    cPanel Access Level:
    Root Administrator
    You may want to look into the more advanced options of CSF.
    It's way more powerful than cphulk. You can also use the two side by side.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cwalke32477, Nov 1, 2011
  3. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    Sorry, I should clarify. We've used CSF for years but have never had a need for the more advanced features. Basically we use it for auto-blocking, whitelisting and blacklisting. And cPHulk provides all of that. Now we have a situation where CSF is making things a bit tricky, and we'd prefer a simpler solution, so we're considering no longer using both, and going with cPHulk only. I should have phrased the question like this: Will we lose any level of security by stopping CSF and using cPHulk only. Since the cPHulk is the "official" solution, I'd like to hope it's considered by cPanel to be very secure.

    To confirm, both tools simply manipulate iptables based on bad behavior, right? It's not like they're using totally different baseline techniques...
     
    #3 shacker23, Nov 2, 2011
  4. LaceHost-Ishan

    LaceHost-Ishan Active Member

    Joined:
    Dec 6, 2008
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    Pune, India
    cPanel Access Level:
    DataCenter Provider
    cPHulk is only Brute Force detection/failed login blocking , whereas a Firewall or a security solution (CSF) includes a lot more.

    If you are interested in only auto-blocking, cPhulk is good, but a properly configured firewall is a must for security.

    What if you get an apache ddos attack? CSF will help you mitigate it, but cPHulk won't. cPHulk is good at what it does, but it cannot replace an entire security solution.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 LaceHost-Ishan, Nov 2, 2011
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    cPHulk uses a MySQL database that does not use iptables in the manner CSF is using. It is more intensive to block using cPHulk due to the fact it blocks based on logging authentications to a MySQL database and then determining actions based on it. It is actually more streamlined and easier to manage CSF / LFD due to it dealing directly with iptables via flat files.

    If you want a simpler solution, you should simply deal with iptables directly, since iptables would then cut out any overhead in using another product layer on top of it. You can add your own entries into iptables and block based on number of login attempts within a set timeframe. There are sites discussing how to do this:

    http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/
    http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

    The examples are for SSH, but you can use it for any port that you want to restrict the number of login attempts in a set time period.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelTristan, Nov 2, 2011
  6. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    Many thanks Tristan and Lace - exactly the kind of info we were looking for. I didn't realize they were fundamentally different in approach - assumed cPHulk was just a stripped down firewall, but apparently not. In this case, we'll keep CSF and dig deeper into configuring it for the weird use case we've got here.
     
    #6 shacker23, Nov 2, 2011
  7. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    By the way, I would suggest that cPanel should say in big bold letters in the cPHulk documentation:

    Use cPHulk for Brute Force Protection

    Note: cPHulk is NOT a firewall product, and should not be used in lieu of a full-featured firewall. cPHulk is fully compatible with popular cPanel firewall systems.


    In fact, it would be good to put words to that effect directly into the cPHulk UI in WHM. I wonder how many hosts out there are running cPHulk alone, mistakenly thinking that it provides DDoS and other protections.
     
    #7 shacker23, Nov 2, 2011
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello shacker23,

    If you would like the wording changed in our documentation, you may wish to submit a feature request for that change to this location:

    http://go.cpanel.net/iwant

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelTristan, Nov 4, 2011
  9. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    Good suggestion - done!
     
    #9 shacker23, Nov 4, 2011
  10. anton_latvia

    anton_latvia Well-Known Member PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    358
    Likes Received:
    4
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Hm.. I might have misunderstood cpHulk or at least had bad experience when it was first introduced. Since that we liked and used CSF with cpHulk disabled. But there is one issue with CSF/LFD. CPU usage. For unknown reason. Probably it is reparsing log files or something like that. I liked approach of cpHulk to use MySQL to store each login attempt. But still CSF/LFD has more wider list of options. Can anyone suggest how to use both products (if this is a good idea) or which of their functions overlaps?

    Anton.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 anton_latvia, Nov 8, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPHulk
  1. apaulo

    Disable cPHulk email notifications?

    apaulo, May 14, 2019 at 3:42 AM, in forum: Security
    Replies:
    3
    Views:
    69
    cPanelLauren
    May 16, 2019 at 12:04 PM
  2. apaulo

    cPHulk Countries blacklist not working?

    apaulo, May 14, 2019 at 2:23 AM, in forum: Security
    Replies:
    11
    Views:
    126
    grant-la
    May 18, 2019 at 10:00 PM
  3. easyprosys

    cpHULKD keep stopping and restarting

    easyprosys, May 12, 2019, in forum: Security
    Replies:
    1
    Views:
    132
    cPanelLauren
    May 14, 2019 at 6:58 PM
  4. Elizabeta

    SOLVED cPhulkd process did not start after restart

    Elizabeta, May 10, 2019, in forum: General Discussion
    Replies:
    4
    Views:
    323
    cPanelMichael
    May 17, 2019 at 12:17 PM
  5. Lorri Nevil

    cPHulkd blocking 127.0.0.1

    Lorri Nevil, May 9, 2019, in forum: E-mail Discussion
    Replies:
    4
    Views:
    323
    cPanelMichael
    May 15, 2019 at 1:05 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice