If I block ALL via Host Control Access is cPHulk now superfluous?

Thoko

Member
Feb 23, 2014
cPanel Access Level
Root Administrator
I have just decided to set up HCA (Host Control Access), thinking that it would stop people being able to attempt brute force attacks, but I seem to still be getting emails notifying me of brute force attempts. I had assumed that cPHulk would be bypassed since all IPs except a select few are supposed to be blocked.
Is this behaviour normal? I am tempted to turn cPHulk notifications off but wanted to be sure that this isn't a sign that my HCA settings are failing.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

What services are you using Host Access Control for? Keep in mind that only services linked to TCP Wrappers are covered.

Thank you.
 

Thoko

Member
Feb 23, 2014
cPanel Access Level
Root Administrator
Well, I created virtually identical settings for everything that was available (sshd, smtp, pop3, ftp, imap, whostmgrd, auth, cpaneld, webmaild and cpdavd). For each daemon I created two allow records (one for my IP address, and the other for my hosting provider) and for each daemon I followed these two with a deny ALL.

- - - Updated - - -

One thing that concerns me is that I did briefly try to install CSF, but there were issues with my IPTables as well as the fact that the interface was truly overwhelming for me, so I decided to uninstall it. However, the problem is that during the install process I ran a script that came with CSF and was intended to remove APF+BFD. The script seemed to have errors and I don't know if it worked or not, but now I'm in a situation where I'm worried that this process may have had unintended consequences to the present state of my server's security. BFD seemed to not have been removed by the script but god knows if I even had APF in the first place. I don't remember ever seeing it and I don't know where it is right now.
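
An added illustration, not code from the thread or from cPanel: the sketch below evaluates rules laid out as the post above describes (allow records followed by a deny ALL per daemon) with the first-match behaviour of TCP Wrappers, and lists daemons that an outside address can still reach. The sample file, addresses and function names are constructed; it handles IPv4 only and assumes an empty hosts.deny. It models the rules file only, so a service that is not linked to TCP Wrappers is unaffected by whatever it reports.

```python
import ipaddress

# Constructed sample (RFC 5737 documentation addresses, not values from the thread).
SAMPLE_HOSTS_ALLOW = """\
# daemon : client : option
sshd : 203.0.113.10 : allow
sshd : 198.51.100.0/255.255.255.0 : allow
sshd : ALL : deny
ftp : 203.0.113.10 : allow
"""

def parse_rules(text):
    """Return (daemons, clients, action) tuples in file order. IPv4 only."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line, skipped
        # Simplification: only the allow/deny option is modelled.
        action = fields[2].lower() if len(fields) > 2 else "allow"
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), action))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # prefix form, e.g. "198.51.100."
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def decide(rules, daemon, ip):
    """First matching rule wins; no match at all means access is granted."""
    for daemons, clients, action in rules:
        if (daemon in daemons or "ALL" in daemons) and any(client_matches(c, ip) for c in clients):
            return action
    return "allow"

def daemons_without_catch_all(rules, daemons, probe_ip="192.0.2.99"):
    """Daemons that an address outside every allow entry can still reach."""
    return [d for d in daemons if decide(rules, d, probe_ip) == "allow"]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_HOSTS_ALLOW)
    print(daemons_without_catch_all(rules, ["sshd", "ftp", "cpaneld"]))
```

In the constructed sample, `ftp` has an allow record but no trailing deny ALL, and `cpaneld` has no records at all, so both remain reachable from the probe address.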
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
You could reinstall CSF or reinstall APF/BFD, depending on which firewall management tool you prefer to use. I believe documentation for CSF is available on their website if you want to become more familiar with it.

Thank you.