Well-Known Member
Feb 2, 2018
cPanel Access Level
DataCenter Provider

I have a question on a section from the below link (section in question is below the link). I want to make sure I understand this correctly. If you have apply protection to local addresses only enabled, does this mean, it won't protect from attacks from anywhere other than your local server's IP address? So in theory, someone could just attack your server all day long (example, brute force on pureftp)? Am I thinking correctly, that you want to enable for both local and remote? Likewise, if you have only local addresses enabled, but also have the IP based protection. Does it become moot to which is selected?

cPHulk Brute Force Protection - Version 78 Documentation - cPanel Documentation

Apply protection...

Select one of the following options to control how cPHulk applies its protection:

  • Apply protection to local addresses only — Limit username-based protection to trigger only on requests that originate from the local system. This ensures that a user cannot brute force other accounts on the same server.
  • Apply protection to local and remote addresses — Allow username-based protection to trigger for all requests, regardless of their origin.