[email protected]

Well-Known Member
Aug 3, 2016
63
5
58
Everywhere
cPanel Access Level
Root Administrator
I want to make 2 questions:

1- Is good tactic to have both cPHulk and CSF enable?
I setup csf to block SMTP, IMAP, POP3 attempts! So is good choice to have also cPHulk run?

2- If cPHulk blogs a bruteforce attack for an email is possible no one (include legitimate users) can't login to emails because of that bruteforce attack?

Example:

I have 3 emails: [email protected] , [email protected] , [email protected]

If someone makes a bruteforce attack to [email protected] and cPHulk stops that attack then no one can't login to [email protected] , [email protected] , [email protected] ?


Any help is highly appreciated!!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

One advantage to using both CSF and cPHulk for brute force protection is that CSF can automatically block the offending IP addresses, whereas cPHulk only does that if you enable an option to block the IP address at the firewall level.

As far as access to the accounts that are brute force, you can review the documentation for "Username-based Protection" versus
"IP Address-based Protection" at:

cPHulk Brute Force Protection - Documentation - cPanel Documentation

Let us know if that helps.

Thank you.
 

[email protected]

Well-Known Member
Aug 3, 2016
63
5
58
Everywhere
cPanel Access Level
Root Administrator
Thank you for the response @cPanelMichael !

I read the documentation and if I can understand clearly if someone bruteforce an email account then all legitimate users are blocked also with the stranger who made the bruteforce!

I have a client that says all users are blocked from receive/send/login to email server!

I see the cPHulk history and I see that someone from other country has made a bruteforce attack to one email account!

That result makes also legitimate users has no access to all the email accounts of that cPanel account!!

How is that possible? cPHulk also deny legitimate IP's/User's from login? My client has right?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

cPHulk blocks logins from any IP addresses to an account that is under a brute force attack, regardless of the attackers' IP address or addresses, when "Username-based Protection" is enabled. If you prefer to avoid this behavior, you can disable "Username-based Protection" and instead use "IP Address-based Protection". This will block logins the IP addresses making the attack, as opposed to the entire account username. The downside to only using "IP Address-based Protection" is that attackers may keep using different IP addresses after getting blocked.

Thank you.
 
  • Like
Reactions: [email protected]