Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPHulk vs. CSF

Discussion in 'Security' started by shacker23, Nov 1, 2011.

  1. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    We've always run ConfigServer's excellent CSF on our cPanel servers, with great results. However, we use it in a fairly basic way, without too much advanced configuration. Brute force detection and blocking is our own main goal. A while back, cPanel introduced cPHulk, which seems to do the same thing but with far fewer configuration options.

    We are now considering dropping CSF and running with just cPHulk. Has anyone gone through a similar conversion? Any regrets? Any gotchas we should aware of?

    Thanks.
     
    #1 shacker23, Nov 1, 2011
  2. cwalke32477

    cwalke32477 Well-Known Member

    Joined:
    Mar 2, 2010
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    Atlanta, Georgia
    cPanel Access Level:
    Root Administrator
    You may want to look into the more advanced options of CSF.
    It's way more powerful than cphulk. You can also use the two side by side.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cwalke32477, Nov 1, 2011
  3. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    Sorry, I should clarify. We've used CSF for years but have never had a need for the more advanced features. Basically we use it for auto-blocking, whitelisting and blacklisting. And cPHulk provides all of that. Now we have a situation where CSF is making things a bit tricky, and we'd prefer a simpler solution, so we're considering no longer using both, and going with cPHulk only. I should have phrased the question like this: Will we lose any level of security by stopping CSF and using cPHulk only. Since the cPHulk is the "official" solution, I'd like to hope it's considered by cPanel to be very secure.

    To confirm, both tools simply manipulate iptables based on bad behavior, right? It's not like they're using totally different baseline techniques...
     
    #3 shacker23, Nov 2, 2011
  4. LaceHost-Ishan

    LaceHost-Ishan Active Member

    Joined:
    Dec 6, 2008
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    Pune, India
    cPanel Access Level:
    DataCenter Provider
    cPHulk is only Brute Force detection/failed login blocking , whereas a Firewall or a security solution (CSF) includes a lot more.

    If you are interested in only auto-blocking, cPhulk is good, but a properly configured firewall is a must for security.

    What if you get an apache ddos attack? CSF will help you mitigate it, but cPHulk won't. cPHulk is good at what it does, but it cannot replace an entire security solution.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 LaceHost-Ishan, Nov 2, 2011
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    cPHulk uses a MySQL database that does not use iptables in the manner CSF is using. It is more intensive to block using cPHulk due to the fact it blocks based on logging authentications to a MySQL database and then determining actions based on it. It is actually more streamlined and easier to manage CSF / LFD due to it dealing directly with iptables via flat files.

    If you want a simpler solution, you should simply deal with iptables directly, since iptables would then cut out any overhead in using another product layer on top of it. You can add your own entries into iptables and block based on number of login attempts within a set timeframe. There are sites discussing how to do this:

    http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/
    http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

    The examples are for SSH, but you can use it for any port that you want to restrict the number of login attempts in a set time period.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelTristan, Nov 2, 2011
  6. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    Many thanks Tristan and Lace - exactly the kind of info we were looking for. I didn't realize they were fundamentally different in approach - assumed cPHulk was just a stripped down firewall, but apparently not. In this case, we'll keep CSF and dig deeper into configuring it for the weird use case we've got here.
     
    #6 shacker23, Nov 2, 2011
  7. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    By the way, I would suggest that cPanel should say in big bold letters in the cPHulk documentation:

    Use cPHulk for Brute Force Protection

    Note: cPHulk is NOT a firewall product, and should not be used in lieu of a full-featured firewall. cPHulk is fully compatible with popular cPanel firewall systems.


    In fact, it would be good to put words to that effect directly into the cPHulk UI in WHM. I wonder how many hosts out there are running cPHulk alone, mistakenly thinking that it provides DDoS and other protections.
     
    #7 shacker23, Nov 2, 2011
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello shacker23,

    If you would like the wording changed in our documentation, you may wish to submit a feature request for that change to this location:

    http://go.cpanel.net/iwant

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelTristan, Nov 4, 2011
  9. shacker23

    shacker23 Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    263
    Likes Received:
    1
    Trophy Points:
    168
    Good suggestion - done!
     
    #9 shacker23, Nov 4, 2011
  10. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    358
    Likes Received:
    4
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Hm.. I might have misunderstood cpHulk or at least had bad experience when it was first introduced. Since that we liked and used CSF with cpHulk disabled. But there is one issue with CSF/LFD. CPU usage. For unknown reason. Probably it is reparsing log files or something like that. I liked approach of cpHulk to use MySQL to store each login attempt. But still CSF/LFD has more wider list of options. Can anyone suggest how to use both products (if this is a good idea) or which of their functions overlaps?

    Anton.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 anton_latvia, Nov 8, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPHulk
  1. zalocus

    New Thread Afraid of using cPHulk

    zalocus, Aug 18, 2018 at 1:00 PM, in forum: Security
    Replies:
    0
    Views:
    18
    zalocus
    Aug 18, 2018 at 1:00 PM
  2. kiozix

    How to ban lifetime with cphulk

    kiozix, Aug 9, 2018, in forum: Security
    Replies:
    2
    Views:
    75
    cPanelLauren
    Aug 10, 2018
  3. toplisek

    cPHulk Daemon enabled or not?

    toplisek, Aug 8, 2018, in forum: Security
    Replies:
    2
    Views:
    60
    toplisek
    Aug 16, 2018 at 3:42 AM
  4. bcadej

    How does Countries Management cPHulk Brute Force Protection work?

    bcadej, Jul 3, 2018, in forum: Security
    Replies:
    3
    Views:
    126
    Infopro
    Jul 3, 2018
  5. Markif

    SOLVED How does blacklisting countries in cphulk work ?

    Markif, Jun 23, 2018, in forum: Security
    Replies:
    5
    Views:
    234
    lwt
    Aug 8, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice