Trivially weak passwords are permitted. - why issue

Discussion in 'Security' started by postcd, Sep 12, 2014.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    694
    Likes Received:
    15
    Trophy Points:
    68
    The security advisor (Home » Security Center » Security Advisor)

    says:
    I have strength 10 in Home » Security Center » Password Strength Configuration

    I thought cPHulk is enabled, which prevents excessive password guessing, so why should I worry about having allowed this lower level of password complexity?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,216
    Likes Received:
    1,937
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    cPHulk is designed to help prevent brute force attacks, but it does not prevent someone from attempting them, and is not a replacement for good security practices. Using a strong password increases the number of login attempts it takes to crack a password.

    Thank you.
     
  3. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,756
    Likes Received:
    87
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Because hackers now employ distributed slow brute force attacks, which, if I am not mistaken, cPHulk does not defend against. Michael can confirm or deny this if it's true.

    Best to install csf & enable distributed attack protection.

    Even though your customers may not like it, you have to protect them from their own stupidity.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,216
    Likes Received:
    1,937
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes, it's true that someone could just attempt a low number of logins per hour and not trigger a block from cPHulk. The "Scenario" section in our cPHulk documentation page explains this:

    cPHulk Brute Force Detection

    It's one of several reasons why strong passwords should always be used.

    Thank you.
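
The gap discussed in the posts above, as an added example (not part of the thread, and not cPHulk or csf code): a per-source failure threshold misses attempts spread thinly across many sources, while counting failures per account across sources still surfaces them. The event tuples, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed events: (time, source IP, account, login succeeded)."""
    t0 = datetime(2014, 9, 12)
    events = []
    # Slow and distributed: 40 sources, 3 failures each on "alice", 8 hours apart.
    for i in range(40):
        for k in range(3):
            when = t0 + timedelta(hours=8 * k, minutes=10 * i)
            events.append((when, f"203.0.113.{i + 1}", "alice", False))
    # Fast and single-source: 12 failures on "carol" within 12 minutes.
    for m in range(12):
        events.append((t0 + timedelta(minutes=m), "192.0.2.9", "carol", False))
    # Ordinary user: two typos, then a successful login.
    for m, ok in enumerate([False, False, True]):
        events.append((t0 + timedelta(minutes=m), "198.51.100.7", "bob", ok))
    return events

def flag(events, key, window, max_failures, min_sources=1):
    """Return keys with >= max_failures failures from >= min_sources IPs in a window."""
    recent = defaultdict(deque)
    flagged = set()
    for when, ip, account, ok in sorted(events):
        if ok:
            continue
        k = key(ip, account)
        q = recent[k]
        q.append((when, ip))
        while when - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and len({src for _, src in q}) >= min_sources:
            flagged.add(k)
    return flagged

def per_ip(events):
    # Assumed threshold: 5 failures from one IP within an hour.
    return flag(events, lambda ip, acct: ip, timedelta(hours=1), 5)

def per_account(events):
    # Assumed threshold: 30 failures on one account from 10+ IPs within 24 hours.
    return flag(events, lambda ip, acct: acct, timedelta(hours=24), 30, min_sources=10)

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP rule flags:", per_ip(sample))
    print("per-account rule flags:", per_account(sample))
```

On the constructed sample, the per-IP rule flags only the noisy single source, and the per-account rule flags only the account receiving the slow, distributed attempts.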
     