How to prevent brute force attacks on Cpanel Login

Discussion in 'Data Protection' started by baabaa, Aug 25, 2006.

  1. baabaa

    My web hoster is not particularly responsive, and so I'm having to learn more of this than I probably should given my expertise. Any help will be greatly appreciated. I had someone break into my cpanel administrative account over the weekend, set up the forwarder to forward copies of my email to him, and then use this as a method to attempt to steal my domain name. Fortunately I was able to stop this.

    I've figured out how he did it, and I want to stop it from happening again. The cpanel login has a 'feature' that does not require a login name, i.e. if I enter just my password I get in. Plus, there is no 'brute force' protection on the password. I had a bad password (6 letters) and the guy was able to brute-force his way to a login, set my forwarder and then go about stealing my domain.

    Is there a way to both fix the no login name feature, and prevent further brute force attacks from being successful? I've changed the password to something much more complicated, but I'm worried that's not enough and I'm pretty certain this bugger will be back later.

    Any ideas?

    Thanks.
     
  2. jayh38

    Unfortunately, if you are not on a dedicated server or WHM, a lot of options are not available. I highly doubt your provider would disable the ability of password logins of a WHM simply because it's convenient.

    What he could and should be doing is providing a decent firewall to prevent this from the beginning. I suggest looking for another provider.
     
  3. baabaa

    cpanel login cont'd

    I'm confused. How would a firewall stop this? The crook in this case simply went straight to my cpanel login at www.xxxx.com/cpanel and then ran his script to brute-force the login. I log in through this same mechanism, so how would a firewall prevent this without also preventing me from logging in?

    Thanks.
     
  4. mctDarren

    There are some firewalls that work in conjunction with brute force detectors to stop this sort of attack (by banning the IP at the firewall level).

    The moderator Chirpy here provides an "all-in-one" solution called ConfigServer Security & Firewall (or CSF). Check out http://www.configserver.com/cp/csf.html for more info.

    BFD+APF is another option - see http://rfxnetworks.com for more on this one.

    I can say that I've used both and they both work well. In the past few weeks I have started to lean more toward CSF. Chirpy and company are doing fantastic work on it - making it much more than just a firewall. Very nice package.

    Good luck! PS - I am sorry that your provider is unresponsive on this. Maybe it's time to look elsewhere?
     
  5. BMCK

    Forgive me if I'm wrong, but I believe the original poster is talking about cPanel logins...
     
  6. procam

    You are not listening to what you were told - if a good firewall were in place like CSF firewall he suggested - then the brute force attack would have been halted and the person would have been blocked BEFORE they got access ~
     
  7. Manuel_accu

    I would suggest you check and use APF+BFD, wonderful utils; you can get an event mail also.
     
  8. Manuel_accu

    I am sorry, but another product (ConfigServer Security & Firewall, or CSF) also seems good; I have just checked and found it. It has interactive integration with WHM and other extra security functions too...
     
  9. Dacsoft

    I know this is an old thread, but..

    Unless you have custom scripts, I don't believe that APF and BFD protect against brute force against cPanel. I don't know if CSF does or not. Has anybody got it working?
     
  10. jayh38

    CSF has a feature that detects login failure. You can adjust this to any amount of failed attempts you wish to allow. You can also protect htaccess logins as well as ftp and webmail and any other service that requires a login.
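
The failed-login threshold described in the post above, sketched as an added example (not part of the thread and not CSF/lfd's own code): count failures per source IP in a sliding window and report the IPs a firewall should deny. The log format, the function name `find_offenders`, the thresholds and the allowlist are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a simplified, made-up format (not cPanel's real log layout).
SAMPLE_LOG = """\
2006-08-25 03:14:01 cpaneld 203.0.113.5 FAILED LOGIN user=example
2006-08-25 03:14:02 cpaneld 203.0.113.5 FAILED LOGIN user=example
2006-08-25 03:14:03 cpaneld 203.0.113.5 FAILED LOGIN user=example
2006-08-25 03:14:04 cpaneld 198.51.100.20 FAILED LOGIN user=example
2006-08-25 03:14:05 cpaneld 203.0.113.5 FAILED LOGIN user=example
2006-08-25 03:14:06 cpaneld 203.0.113.5 FAILED LOGIN user=example
2006-08-25 03:14:07 cpaneld 203.0.113.5 FAILED LOGIN user=example
2006-08-25 03:20:30 cpaneld 198.51.100.20 FAILED LOGIN user=example
2006-08-25 03:21:10 cpaneld 198.51.100.20 LOGIN OK user=example
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<svc>\S+) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<result>FAILED LOGIN|LOGIN OK)\b"
)

def find_offenders(log_text, max_failures=5, window_seconds=300, allowlist=()):
    """Return [(ip, trigger_time)] for IPs reaching max_failures inside the window.

    Assumes the log is in chronological order.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    blocked = {}                  # ip -> time the threshold was reached
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "FAILED LOGIN":
            continue              # skip malformed lines and successful logins
        ip = m["ip"]
        if ip in allowlist or ip in blocked:
            continue              # trusted source, or already reported once
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[ip] = ts
    return sorted(blocked.items(), key=lambda kv: kv[1])
```

With the defaults, only the address that fails five times within seconds is reported; the address with two failures six minutes apart followed by a successful login is not, which is the difference between a scripted guesser and a customer who mistyped a password.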
     
  11. procam

    OMG I so couldn't agree with you more I had no idea just how many idiot customers I had until CSF !!
     
  12. Justin00

    God I love CSF! I know which days I gotta work and which ones I don't. Since implementing CSF it does most of my work too :D

    Banning hackers... Banning Hackers, and Watching The Server

    Only thing I gotta do now, is unban stupid customers! The ones who lose their damn password and guess 2 hundred times instead of calling support!!

    Haha.
     
  13. gorilla

  14. brianoz

    For the original poster, CSF can be installed in only a few lines of typing - basically a copy-and-paste of a small block of text into the root shell. It can be updated from WHM with a single click and it will save them a LOT of work down the track if they install it. Could even save them from a root exploit!

    If they won't install it, I'd recommend changing to someone who DOES run it. A webhoster who runs CSF demonstrates they've been keeping up with the latest in security and is much more likely to help you keep safe. And it's only a matter of a few minutes work to copy an account from one cpanel server to another - including all your email, your web pages, SQL databases, the whole lot (possibly with the exception of mailing lists, which you probably don't use) -- cpanel automates account copying.

    You may also want to download a full backup of your account from the backups menu in cpanel, just to cover yourself before moving hosts.
     
  15. vodkajoe

    Cheers, CSF is great, just installed it, it's really really easy and very handy. No excuse for not having this.
     
  16. Fernis

    Would it be ok to run this along with APF+BFD or should it be run without?
     
  17. brianoz

    CSF is a replacement for APF+BFD, many times better. APF+BFD were great but CSF has built on what they provided. CSF has a WHM interface and the lfd part of it is much better at blocking miscreants than BFD was.
     