Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CSF, cPHulk or both?

Discussion in 'Security' started by duimstra, Aug 20, 2015.

  1. duimstra

    duimstra Member

    Joined:
    Jan 16, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Reseller Owner
    I'm currently running both CSF (lfd) and cPHulk simultaneously.

    1. When CSF lfd (login failure deamon) blocks a user, I'm able to display a simple HTML message explaining why the block occured.

    2. When cPHulk blocks a user, all they see is "Wrong password message", which is annoying because users don't know what they did wrong.

    My question: Does it even make sense to run both services? Could I just disable cPHulk?

    What is your recipe?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,809
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Some users do choose to disable cPHulk when using CSF/LFD to prevent brute force attacks. Both services offer protection from brute force attempts, so it's a user-preference if you want to use both of them.

    This is by design to help prevent attackers from determining if a username exists on a system.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. duimstra

    duimstra Member

    Joined:
    Jan 16, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Reseller Owner
    Hi Michael, thanks for the explanation :)

    But - does cPHulk offer some level of protection CSF doesn't?
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,809
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    CSF/LFD should protect against brute force attacks on no lesser level than cPHulk, but that question might be better asked on the CSF/LFD forums. You can find documentation on cPHulk that explains all of it's features at:

    cPHulk Brute Force Protection

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice