How to prevent brute force attacks on Cpanel Login

unfortunately, if you are not on a dedicated server or whm, alot of options are not available. I highly doubt your provider would disable the ability of password logins of a whm simply because its convenient.

What he could and should be doing is providing a descent firewall to prevent this from the beginning. I suggest looking for another provider.

 

There are some firewalls that work in conjunction with brute force detectors to stop this sort of attack (by banning the IP at the firewall level).

The moderator Chirpy here provides an "all-in-one" solution called ConfigServer Security & Firewall (or CSF). Check out http://www.configserver.com/cp/csf.html for more info.

BFD+APF is another option - see http://rfxnetworks.com for more on this one.

I can say that I've used both and they both work well. In the past few weeks I have started to lean more toward CSF. Chirpy and company are doing fantastic work on it - making it much more than just a firewall. Very nice package.

Good luck! PS - I am sorry that your provider is unresponsive on this. Maybe it's time to look elsewhere?

 

Forgive Me if I'm wrong, but, I believe the originial poster is talking about Cpanel Logins...

 

You are not listening to what you were told - if a good firewall were in place like CSF firewall he suggested - then the brute force attack would have been halted and the person would have been blocked BEFORE they got access ~

 

I would suggest you to check and use APF+BFD, wonderful utils you can a event mail also..

 

I am sorry but another product (ConfigServer Security & Firewall (or CSF))is also seems good I have just checked and found it. it has interactive integration with WHM and other extra security functions tooo...

 

I know this is an old thread, but..

unless you have a custom scripts, I don't believe that APF and BFD protect against brute force against Cpanel. I don't know if cfs does or not. Has anybody got it working?

 

CSF has a feature that detects login failure. You can adjust this to any amount
of failed attempts you wish to allow. You can also protect htaccess logins as well
as ftp and webmail and any other service that requires a login.

 

OMG I so couldnt agree with you more I had no idea just how many idiot customers I had until CSF !!

 

God I love CSF! I know which days I gotta work and which ones I dont. Since implementing CSF it does most of my work too :D

Banning hackers... Banning Hackers, and Watching The Server

Only thing i gotta do now, is unban stupid customers! The ones who lose there damn password and guess 2 hundred times instead of calling support!!

Haha.

 

ban them too :D

 

For the original poster, CSF can be installed in only a few lines of typing - basically a copy-and-paste of a small block of text into the root shell. It can be updated from WHM with a single click and it will save them a LOT of work down the track if they install it. Could even save them from a root exploit!

If they won't install it, I'd recommend changing to someone who DOES run it. A webhoster who runs CSF demonstrates they've been keeping up with the latest in security and is much more likely to help you keep safe. And it's only a matter of a few minutes work to copy an account from one cpanel server to another - including all your email, your web pages, SQL databases, the whole lot (possibly with the exception of mailing lists, which you probably don't use) -- cpanel automates account copying.

You may also want to download a full backup of your account from the backups menu in cpanel, just to cover yourself before moving hosts.

 

Cheers CSF is great, just installed it, its really really easy and very handy.No excuse for not having this.

 

Would it be ok to run this along with APF+BFD or should it be run without?

 

CSF is a replacement for APF+BFD, many times better. APF+BFD were great but CSF has built on what they provided. CSF has a WHM interface and the lfd part of it is much better at blocking miscreants than BFD was.