Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED cPHulk with CSF?

Discussion in 'Security' started by net@work, Apr 26, 2017.

Tags:
  1. net@work

    net@work Well-Known Member

    Joined:
    Aug 3, 2016
    Messages:
    48
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Everywhere
    cPanel Access Level:
    Root Administrator
    I want to make 2 questions:

    1- Is good tactic to have both cPHulk and CSF enable?
    I setup csf to block SMTP, IMAP, POP3 attempts! So is good choice to have also cPHulk run?

    2- If cPHulk blogs a bruteforce attack for an email is possible no one (include legitimate users) can't login to emails because of that bruteforce attack?

    Example:

    I have 3 emails: test@example.com , test2@example.com , test3@example.com

    If someone makes a bruteforce attack to test@example.com and cPHulk stops that attack then no one can't login to test@example.com , test2@example.com , test3@example.com ?


    Any help is highly appreciated!!
     
    #1 net@work, Apr 26, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    One advantage to using both CSF and cPHulk for brute force protection is that CSF can automatically block the offending IP addresses, whereas cPHulk only does that if you enable an option to block the IP address at the firewall level.

    As far as access to the accounts that are brute force, you can review the documentation for "Username-based Protection" versus
    "IP Address-based Protection" at:

    cPHulk Brute Force Protection - Documentation - cPanel Documentation

    Let us know if that helps.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Apr 27, 2017
  3. net@work

    net@work Well-Known Member

    Joined:
    Aug 3, 2016
    Messages:
    48
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Everywhere
    cPanel Access Level:
    Root Administrator
    Thank you for the response @cPanelMichael !

    I read the documentation and if I can understand clearly if someone bruteforce an email account then all legitimate users are blocked also with the stranger who made the bruteforce!

    I have a client that says all users are blocked from receive/send/login to email server!

    I see the cPHulk history and I see that someone from other country has made a bruteforce attack to one email account!

    That result makes also legitimate users has no access to all the email accounts of that cPanel account!!

    How is that possible? cPHulk also deny legitimate IP's/User's from login? My client has right?
     
    #3 net@work, Apr 28, 2017
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    cPHulk blocks logins from any IP addresses to an account that is under a brute force attack, regardless of the attackers' IP address or addresses, when "Username-based Protection" is enabled. If you prefer to avoid this behavior, you can disable "Username-based Protection" and instead use "IP Address-based Protection". This will block logins the IP addresses making the attack, as opposed to the entire account username. The downside to only using "IP Address-based Protection" is that attackers may keep using different IP addresses after getting blocked.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Apr 28, 2017
    net@work likes this.
  5. net@work

    net@work Well-Known Member

    Joined:
    Aug 3, 2016
    Messages:
    48
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Everywhere
    cPanel Access Level:
    Root Administrator
    Hello @cPanelMichael !

    Thank you for this answer! Now I can understand fully how cPHulk works!!! :)
     
    #5 net@work, May 2, 2017
    cPanelMichael likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPHulk
  1. cowner

    cPHulk blacklist deny login but not view website?

    cowner, Nov 13, 2018 at 7:16 AM, in forum: Security
    Replies:
    2
    Views:
    61
    cPanelMichael
    Nov 13, 2018 at 12:39 PM
  2. Frankc

    CPHulk block own server IP address

    Frankc, Nov 1, 2018, in forum: Security
    Replies:
    1
    Views:
    73
    cPanelLauren
    Nov 2, 2018
  3. bgarrant

    ConfigServer Firewall vs Juniper SRX 300 with cPHulk

    bgarrant, Oct 2, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    132
    cPanelLauren
    Oct 8, 2018
  4. Benjamin D.

    SOLVED cpHulk failed attempts list is now permanently empty?

    Benjamin D., Sep 28, 2018, in forum: Security
    Replies:
    12
    Views:
    232
    cPanelMichael
    Nov 6, 2018
  5. Psy14

    cPHulk not completely working

    Psy14, Aug 25, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    180
    cPanelMichael
    Aug 27, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice