The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSF, cPHulk or both?

Discussion in 'Security' started by duimstra, Aug 20, 2015.

  1. duimstra

    duimstra Member

    Joined:
    Jan 16, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I'm currently running both CSF (lfd) and cPHulk simultaneously.

    1. When CSF lfd (login failure deamon) blocks a user, I'm able to display a simple HTML message explaining why the block occured.

    2. When cPHulk blocks a user, all they see is "Wrong password message", which is annoying because users don't know what they did wrong.

    My question: Does it even make sense to run both services? Could I just disable cPHulk?

    What is your recipe?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Some users do choose to disable cPHulk when using CSF/LFD to prevent brute force attacks. Both services offer protection from brute force attempts, so it's a user-preference if you want to use both of them.

    This is by design to help prevent attackers from determining if a username exists on a system.

    Thank you.
     
  3. duimstra

    duimstra Member

    Joined:
    Jan 16, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hi Michael, thanks for the explanation :)

    But - does cPHulk offer some level of protection CSF doesn't?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    CSF/LFD should protect against brute force attacks on no lesser level than cPHulk, but that question might be better asked on the CSF/LFD forums. You can find documentation on cPHulk that explains all of it's features at:

    cPHulk Brute Force Protection

    Thank you.
     
Loading...

Share This Page