Quantcast What does cPHulk do? cPanel's anti-hacking, brute force protection (cPHulk vs CSF) - digitalFAQ Forum
Go Back    Forum > Digital Publishing / Web Sites > Web Hosting Tutorials > cPanel WHM

Reply
 
LinkBack Thread Tools
  #1  
01-10-2012, 02:23 AM
kpmedia's Avatar
kpmedia kpmedia is offline
Site Staff | Web Hosting, Photo
 
Join Date: Feb 2004
Posts: 4,309
Thanked 368 Times in 338 Posts
cPHulk is a security feature found only on cPanel based Linux servers

It locks down the cPanel and WHM logins, SSH (shell/root access) logins, FTP logins, and IMAP/POP3 (mail) logins. These core services are locked down after too many fails from a single IP address. The lockout kicks in at whatever interval is set by the user, and lasts for as long as the user would like to set it. You can also set blacklists and whitelists for IP ranges that you know will never be valid. You could block 123.0.0.0/8, for example, which wipes out a huge chunk of China, preventing logins from that entire 123.x.x.x range.

This is one reason cPanel is superior to DirectAdmin and Plesk for Linux servers.

Unlike CSF/LDF (firewall), blacklisting IPs in cPHulk will not prevent viewing of web pages or delivery of mail. That's one key difference. It only affects the PAM, or authentication modules. So only attempts to login are blocked, traffic itself is not blocked. Because of this, you can block an entire /8 -- whole countries/continents -- without worrying that you've lost legitimate traffic of mail. All you're blocking is the login abilities. If you have the CSF/LFD plugin added to cPanel, it will ban individual problem IPs not found in the blacklist, and that blocks all traffic from that specific IP address.

I block /8's and /16's in cPHulk after receiving failure warnings from places/IPs that I know I'll never be at. CSF/LFD takes care of anything new. cPHulk email warnings alert me to new malicious traffic. (I also manually scan the LFD logs, during routine weekly monitoring. CSF/LFD emails are disabled, because it seems a bit redundant.)

Here's a more detailed description of how the cPHulk service functions, from the official docs:

Quote:
cPHulk Brute Force Protection
cPanel 11 marks the debut for the much anticipated cPHulk Protection system. cPHulk protects your vital services by disabling authentication to those services after a brute force attack is detected. It protects: cPanel, WHM, SSH, FTP, IMAP, and POP3 from brute force authentication attacks. cPHulk will remain transparent to the attacker whose authentication attempts will feel normal, even while authentication is disabled. Thus, you can get substantial information about the attack. You can even customize authentication thresholds and lock out times!
__________________

Need a good host?
Find one here --> List of Best Web Hosts - Shared, reseller, VPS, cloud, dedicated

- Did my advice help you? Then become a Premium Member and support this site.
- Please Like Us on Facebook | Follow Us on Twitter

- Need a good web host? Ask me for help! Get the shared, VPS, semi-dedicated, cloud, or reseller you need.
Reply With Quote
Someday, 12:01 PM
admin's Avatar
Ads / Sponsors
 
Join Date: ∞
Posts: 42
Thanks: ∞
Thanked 42 Times in 42 Posts
Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
Hacking ATI MMC 8.7 to work on 128PRO admin Capture, Record, Transfer 26 07-21-2014 06:22 AM
Power Rangers Fonts (Mystic Force), where to download ? ninjastriker Author, Make Menus, Slideshows, Burn 1 12-30-2011 09:28 AM
VHS copy protection removers for sale [SOLD] lordsmurf Marketplace 6 03-05-2008 12:07 PM
Do you use an anti-virus? firewall? lordsmurf Computers 3 11-21-2005 04:51 AM
Useful Pioneer 109 DVD burner hacking info! admin Blank Media 0 02-15-2005 04:59 AM

Thread Tools



 
All times are GMT -5. The time now is 10:03 AM