Understanding cPHulk configuration settings

FM Kappungal

Member
Feb 24, 2019
19
3
3
Saudi Arabia
cPanel Access Level
Root Administrator
Under the basic configuration settings of cPHulk, I see the following:

  • [*]Apply protection to local addresses only — Limit username-based protection to trigger only on requests that originate from the local system. This ensures that a user cannot brute force other accounts on the same server.
    [*]Apply protection to local and remote addresses — Allow username-based protection to trigger for all requests, regardless of their origin.

I just can't seem to understand what exactly this setting means even after reading it multiple times. Can someone explain it to me in simple plain terms with some example.

Thanks a lot.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello @FM Kappungal,

  • Apply protection to local addresses only — Limit username-based protection to trigger only on requests that originate from the local system. This ensures that a user cannot brute force other accounts on the same server.
  • Apply protection to local and remote addresses — Allow username-based protection to trigger for all requests, regardless of their origin.
Username-based protection tracks login attempts for user accounts. If you choose Apply protection to local addresses only, then cPHulk will only count login attempts originating from the local server (e.g. localhost, 127.0.0.1). For instance, let's say a cPanel user creates a PHP script like the one on this document and attempts to authenticate as another user to cPanel or WHM. If Apply protection to local addresses only is enabled, cPHulk will track and block these login attempts. If you choose Apply protection to local and remote addresses, then cPHulk will track and block both local login attempts and login attempts from remote IP addresses.

Thank you.
 
  • Like
Reactions: FM Kappungal

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
I want to block users who try to log in with the wrong password to their email either using webmail from the browser or using POP/IMAP thru a mail client like Outlook.

Will this setting help with such a scenario?
You'd choose Apply protection to local and remote addresses.

Thank you.
 
  • Like
Reactions: FM Kappungal