digitalFAQ.com Forum

kpmedia 01-10-2012 02:23 AM

What does cPHulk do? cPanel's anti-hacking, brute force protection (cPHulk vs CSF)
 
cPHulk is a security feature found only on cPanel-based Linux servers.

It locks down the cPanel and WHM logins, SSH (shell/root access) logins, FTP logins, and IMAP/POP3 (mail) logins. These core services are locked down after too many fails from a single IP address. The lockout kicks in at whatever interval is set by the user, and lasts for as long as the user would like to set it. You can also set blacklists and whitelists for IP ranges that you know will never be valid. You could block 123.0.0.0/8, for example, which wipes out a huge chunk of China, preventing logins from that entire 123.x.x.x range.

This is one reason cPanel is superior to DirectAdmin and Plesk for Linux servers.

Unlike CSF/LFD (firewall), blacklisting IPs in cPHulk will not prevent viewing of web pages or delivery of mail. That's one key difference. It only affects the PAM, or authentication modules. So only attempts to log in are blocked; traffic itself is not blocked. Because of this, you can block an entire /8 -- whole countries/continents -- without worrying that you've lost legitimate traffic or mail. All you're blocking is the login abilities. If you have the CSF/LFD plugin added to cPanel, it will ban individual problem IPs not found in the blacklist, and that blocks all traffic from that specific IP address.

I block /8's and /16's in cPHulk after receiving failure warnings from places/IPs that I know I'll never be at. CSF/LFD takes care of anything new. cPHulk email warnings alert me to new malicious traffic. (I also manually scan the LFD logs, during routine weekly monitoring. CSF/LFD emails are disabled, because it seems a bit redundant.)

Here's a more detailed description of how the cPHulk service functions, from the official docs:

Quote:

cPHulk Brute Force Protection
cPanel 11 marks the debut for the much anticipated cPHulk Protection system. cPHulk protects your vital services by disabling authentication to those services after a brute force attack is detected. It protects: cPanel, WHM, SSH, FTP, IMAP, and POP3 from brute force authentication attacks. cPHulk will remain transparent to the attacker whose authentication attempts will feel normal, even while authentication is disabled. Thus, you can get substantial information about the attack. You can even customize authentication thresholds and lock out times!
__________________

Need a good host?
Find one here --> http://www.digitalfaq.com/forum/web-...-best-web.html
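
An added example, not part of the original post and not cPHulk's own code: a small Python model of the behaviour described above, where a login gate checks a CIDR whitelist and blacklist, counts failed logins per IP, and locks that IP out for a set time. The class name `LoginGate`, the thresholds, the whitelist-before-blacklist order and the sample IPs are assumptions made for illustration; the gate is consulted only on login attempts, so web and mail traffic never pass through it.

```python
import ipaddress
from collections import defaultdict, deque


class LoginGate:
    """Toy model of an authentication-layer brute-force gate (hypothetical)."""

    def __init__(self, max_failures, window_s, lockout_s, blacklist=(), whitelist=()):
        self.max_failures = max_failures   # failures allowed inside the window
        self.window_s = window_s           # seconds over which failures are counted
        self.lockout_s = lockout_s         # seconds a locked-out IP stays locked
        self.blacklist = [ipaddress.ip_network(n) for n in blacklist]
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the lockout ends

    @staticmethod
    def _listed(ip, networks):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in networks)

    def check(self, ip, now):
        """Decide whether a login attempt from ip may reach the password check."""
        if self._listed(ip, self.whitelist):   # assumption: whitelist wins
            return "allow"
        if self._listed(ip, self.blacklist):   # e.g. a whole /8
            return "deny-blacklist"
        if self.locked_until.get(ip, 0) > now:
            return "deny-lockout"
        return "allow"

    def record_failure(self, ip, now):
        """Count one failed login; start a lockout once the threshold is reached."""
        if self._listed(ip, self.whitelist):
            return
        recent = self.failures[ip]
        recent.append(now)
        # Drop failures that have aged out of the counting window.
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_s
            recent.clear()
```
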

