where do lookup brute force attacks?

Do you mean how to detect them? You'd want to use netstat to check for connections something like the following for port 80 traffic:

Code:

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -n

If you want a product that will detect a DDoS, you can either try to configure CSF with LFD for brute force protection (and it does have a log), or you can use something like ddos-deflate:

(D)DoS Deflate - deflate.medialayer.com

Also, there's an Apache module that can help with connection limiting called mod_qos that's part of EasyApache now. Here are details on mod_qos:

mod_qos

 

CSF with LFD is at the following location:

ConfigServer Security & Firewall

The steps to install on a cPanel machine are these:

Code:

wget http://configserver.com/free/csf.tgz
tar -xzf csf.tgz 
cd csf
./install.cpanel.sh

After that, log into WHM and at the bottom in Plugins area you will see ConfigServer Security&Firewall. You can start the firewall there. Ensure to take it out of testing mode after you've gotten it setup as you prefer, which is done in WHM > Plugins > ConfigServer Security&Firewall > Firewall configuration area. In that section, you'll see the following:

Code:

Testing = 1

Change the 1 to a 0 once you've determined you have the right ports enabled (since you used the cPanel installation script, it should have the common cPanel ports opened). Then click the "Change" button at the bottom and restart the firewall or start it.

If you have questions after this on anything for CSF and LFD, please ensure to post them on their forum:

CSF Forum