The Community Forums

Interact with an entire community of cPanel & WHM users.

What services are protected by cphulk?

Discussion in 'Data Protection' started by rowtc2, Jun 30, 2009.

  1. rowtc2

    rowtc2 Member

    Jun 26, 2009
    Do you know of a list of services watched by cphulk to prevent brute force? I want to make a list, and if there is a service that is not protected I will probably disable it.

    SSH - yes
    WHM - yes
    Email - yes

    Cpanel login - ?
    FTP login - ?
    SQL root server root password login - ?

    What other Linux server services require a password?

    I have searched on Google and the forum but I didn't find a complete list.
  2. PlatinumServerM

    PlatinumServerM Well-Known Member

    Jul 10, 2005
    New Jersey, USA
    cPanel Access Level:
    Root Administrator
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Nov 29, 2006
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Any service that uses TCPWrappers will be protected by cPHulkD. However, I believe there are known issues with cPHulkD and FTP as of writing that are being worked on.
  4. Spiral

    Spiral BANNED

    Jun 24, 2005
    CpHulk is only one single small component in what should be a much larger
    and more far reaching security policy and plan for your entire server. Its
    only purpose is just in reducing brute force attack susceptibility to really
    Cpanel itself and doesn't begin to address the many hundreds of other
    areas of security you should implement on your server to achieve any
    really fully encompassing security solution.

    Blindly disabling services you don't understand just because it may or may
    not be "protected" as you put it is completely unwise unless you know
    what is using those services behind the scenes and have a good grasp
    on your server internals (which most don't these days unfortunately).

    PlatinumServerM gave the best advice above in activating cpHulk and
    installing Chirpy's CSF Firewall. The LFD service
    included in that package helps as well and is actually at a core level
    far more sophisticated than the basic brute force protection that
    cPanel's built in cPHulk service provides.

    For backup protection, you could also better configure the portsentry
    port scanner that is usually included behind the scenes on Cpanel servers.
    It is weaker than CSF but operates such that the redundancy doesn't hurt
    so you can actually leave both running.

    The "Firewall Test" function in CSF will give you an idea of truly unnecessary
    services that can be disabled and will give you some additional pointers
    for further securing and tightening down your server.

    You also might want to look at installing additional security modules such as
    Mod_Security and Mod_Evasive to protect your web server from general
    DoS attacks and known and unknown web application exploits.

    For your FTP server, I'd run Pure-FTPd instead of Pro-FTPd for both
    performance and security reasons and disable direct root logins and
    anonymous file services from your FTP service configuration.

    For SSH, at the bare bones minimum I would change the port from the
    default port 22 to some other unused port (don't forget to open in firewall)
    and operate under Protocol 2 only. For increased security, you might
    want to consider moving to certificate logins only and disabling direct
    root logins but instead use wheel user escalations after login. Unless
    absolutely necessary and even then I'd strongly lean away from giving
    out SSH access to any user account aside from yourself.

    For your Apache web server itself, you should not run Apache 1.3 and be
    upgraded to at least a bare bones minimum of Apache 2.0 although there
    are additional security and performance advantages moving on up to
    Apache version 2.2 series (current latest under cPanel is 2.2.11).

    Perl and most web scripting should be SuExec enabled to run all
    those scripts as the owner user instead of Apache's "nobody" user
    so that you can better track and manage script executions.

    PHP for an enormous list of reasons should be run as a CGI operating
    under SuPHP instead of as a direct Apache DSO module and I'd
    recommend further increasing security by disabling known greater
    exploit functions and installing the Suhosin security patch for PHP.

    It is generally a good idea to disable compilers from non-root access
    and make your TMP (/dev/shm) partition non-executable and non-setuid
    to make it more difficult for anyone getting into the server from being
    able to readily install server exploits and malicious scripts on your server.

    Often used and exploited shell commands commonly used by attackers
    to cover their tracks after attacks such as chown, chattr, lsattr, lpr,
    and touch can be set to root execute only and made immutable to
    limit access to these functions. Others such as wget and lynx can be
    limited to root and cpanel execution only to limit their abuse.
    #4 Spiral, Jun 30, 2009
    Last edited: Jun 30, 2009
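
A read-only audit of the SSH and temporary-filesystem settings recommended in post #4, added here as an example; it is not part of the thread and not cPanel or CSF tooling. It assumes "certificate logins" means key-based authentication with password logins disabled, whitespace-separated `Keyword value` lines in sshd_config, and `/proc/mounts`-format mount data; the function names and sample input are constructed for the illustration.

```shell
# sshd_findings reads sshd_config on stdin. Only the global section (before any
# Match block) is checked. sshd keeps the first value seen for a keyword, but
# Port may repeat, so every Port line is inspected. Unset options are reported
# too, because their defaults differ between OpenSSH versions.
sshd_findings() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }
    { k = tolower($1) }
    k == "match" { exit }
    k == "port" { ports++; if ($2 == 22) p22 = 1 }
    !(k in v) { v[k] = tolower($2) }
    END {
      if (!ports || p22) print "ssh: listening on default port 22"
      if (v["protocol"] ~ /1/) print "ssh: protocol 1 enabled"
      if (v["permitrootlogin"] != "no") print "ssh: direct root login not disabled"
      if (v["passwordauthentication"] != "no") print "ssh: password logins still allowed"
    }'
}
# mount_findings reads /proc/mounts-format text on stdin; arguments are the
# mount points to check. The last entry for a mount point is the one in effect.
mount_findings() {
  awk -v want="$*" '
    BEGIN { n = split(want, mp, " ") }
    { opts[$2] = "," $4 "," }
    END {
      for (i = 1; i <= n; i++) {
        m = mp[i]
        if (!(m in opts)) { print m ": not a separate mount"; continue }
        if (opts[m] !~ /,noexec,/) print m ": missing noexec"
        if (opts[m] !~ /,nosuid,/) print m ": missing nosuid"
      }
    }'
}
# Constructed sample input, not taken from a real server.
SAMPLE_SSHD='Port 2222
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication no
Match User backup
  PasswordAuthentication yes'
SAMPLE_MOUNTS='tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /tmp ext3 rw,nosuid,noexec 0 0'
audit_sample() {
  printf '%s\n' "$SAMPLE_SSHD" | sshd_findings
  printf '%s\n' "$SAMPLE_MOUNTS" | mount_findings /tmp /dev/shm
}
audit_sample
```

On a live server the same functions take `sshd_findings < /etc/ssh/sshd_config` and `mount_findings /tmp /dev/shm < /proc/mounts`; both only read their input and change nothing.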