If I block ALL via Host Control Access is cPHulk now superfluous?

Discussion in 'Security' started by Thoko, Mar 2, 2014.

  1. Thoko

    Thoko Member

    Joined:
    Feb 23, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I have just decided to set up HCA (Host Control Access), thinking that it would stop people being able to attempt brute force attacks, but I seem to still be getting emails notifying me of brute force attempts. I had assumed that cPHulk would be bypassed since all IPs except a select few are supposed to be blocked.
    Is this behaviour normal? I am tempted to turn cPHulk notifications off but wanted to be sure that this isn't a sign that my HCA settings are failing.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. Thoko

    Well I created virtually identical settings for everything that was available (sshd, smtp, pop3, ftp, imap, whostmgrd, auth, cpaneld, webmaild and cpdavd). For each daemon I created two allow records (one for my IP address, and the other for my hosting provider) and for each daemon I followed these two with a deny ALL.

    - - - Updated - - -

    One thing that concerns me is that I did briefly try to install CSF but there were issues with my IPTables as well as the fact that the interface was truly overwhelming for me so I decided to uninstall it. However, the problem is that during the install process I ran a script that came with CSF and was intended to remove APF+BFD. The script seemed to have errors and I don't know if it worked or not, but now I'm in a situation where I'm worried that this process may have had unintended consequences to the present state of my server's security. BFD seemed to not have been removed by the script but god knows if I even had APF in the first place. I don't remember ever seeing it and I don't know where it is right now.
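
Added example, not part of the original thread: a check that each daemon's rules follow the layout the post above describes (allow records first, then a deny ALL), evaluated first-match-wins. It assumes the rules are available in TCP Wrappers `daemon : client : action` form, which the thread does not show; the addresses, sample rules and function names are constructed.

```python
import ipaddress

# Constructed sample rules (assumed "daemon : client : action" format, IPv4 only).
# 203.0.113.10 stands in for the admin IP, 198.51.100.20 for the hosting provider.
SAMPLE_RULES = """\
sshd : 203.0.113.10 : allow
sshd : 198.51.100.20 : allow
sshd : ALL : deny
ftp : 203.0.113.10 : allow
ftp : ALL : deny
cpaneld : ALL : deny
cpaneld : 203.0.113.10 : allow
whostmgrd : 203.0.113.10 : allow
"""

def parse_rules(text):
    """Return a list of (daemon, client, action) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemon, client, action = (p.strip() for p in line.split(":"))
        rules.append((daemon, client, action.lower()))
    return rules

def decide(rules, daemon, ip):
    """First matching rule wins; None means no rule for this daemon matched."""
    addr = ipaddress.ip_address(ip)
    for d, client, action in rules:
        if d == daemon and (client.upper() == "ALL"
                            or ipaddress.ip_address(client) == addr):
            return action
    return None

def audit(rules, daemons, allowed_ips, probe="192.0.2.99"):
    """Map each misconfigured daemon to its problems; probe is a constructed outsider IP."""
    findings = {}
    for daemon in daemons:
        problems = [f"{ip} not allowed" for ip in allowed_ips
                    if decide(rules, daemon, ip) != "allow"]
        if decide(rules, daemon, probe) != "deny":
            problems.append("no effective deny ALL")
        if problems:
            findings[daemon] = problems
    return findings
```

An empty result from `audit` means every listed daemon admits the allow-listed addresses and denies everything else; it says nothing about whether a given daemon actually honours these rules.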
     
  4. cPanelMichael

    You could reinstall CSF or reinstall APF/BFD, depending on which firewall management tool you prefer to use. I believe documentation for CSF is available on their website if you want to become more familiar with it.

    Thank you.
     