where do lookup brute force attacks?

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Do you mean how to detect them? You'd want to use netstat to check for connections something like the following for port 80 traffic:

Code:
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -n
If you want a product that will detect a DDoS, you can either try to configure CSF with LFD for brute force protection (and it does have a log), or you can use something like ddos-deflate:

(D)DoS Deflate - deflate.medialayer.com

Also, there's an Apache module that can help with connection limiting called mod_qos that's part of EasyApache now. Here are details on mod_qos:

mod_qos
 

webstuff

Well-Known Member
Jul 19, 2011
76
2
58
ok i was in root in cpanel.. and i typed in csf to the list thing and it doesnt seem to show up.. where would i go to get into it? or would i have to install? and if i have to install where would I go to do that? thanks
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
CSF with LFD is at the following location:

ConfigServer Security & Firewall

The steps to install on a cPanel machine are these:

Code:
wget http://configserver.com/free/csf.tgz
tar -xzf csf.tgz 
cd csf
./install.cpanel.sh
After that, log into WHM and at the bottom in Plugins area you will see ConfigServer Security&Firewall. You can start the firewall there. Ensure to take it out of testing mode after you've gotten it setup as you prefer, which is done in WHM > Plugins > ConfigServer Security&Firewall > Firewall configuration area. In that section, you'll see the following:

Code:
Testing = 1
Change the 1 to a 0 once you've determined you have the right ports enabled (since you used the cPanel installation script, it should have the common cPanel ports opened). Then click the "Change" button at the bottom and restart the firewall or start it.

If you have questions after this on anything for CSF and LFD, please ensure to post them on their forum:

CSF Forum
 

storminternet

Well-Known Member
Nov 2, 2011
460
0
66
cPanel Access Level
Root Administrator