Enabling Brute Force Detection In cPanel

January 14th, 2008 · 8 Comments

Yesterday I wrote a post on how to protect your webserver against brute force attacks using APF and BFD. If you are using WHM, there’s a similar alternative using cPHulk.

cPHulk is a brute force protection system developed by the cPanel team and is exclusive to cPanel / WHM control panels. It has been integrated in cPanel version 11. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After a certain number of failed attempts, the attacker will no longer be able to authenticate.

How To Enable cPHulk

Enabling cPHulk is pretty easy. Simply log into your WHM control panel as root. From the main menu on the left, click on Security Center from the Security section.

(Screenshot: cPanel Security)

Click on the cPHulk Brute Force Detection link at the top of the page. Now you may want to configure cPHulk before you enable it. The configuration parameters are pretty much self-explanatory so I won’t go into details about this. Basically you set the number of failed attempts before an IP or an account is blocked and you set how long you want it to be blocked.

(Screenshot: cPHulk Configuration)

When you’re done, simply click on the Enable button at the top.

Help Me! I Have Locked Myself Out!

I did lock myself out once. I had opened my FTP client and it tried to log in automatically multiple times even though I had changed my FTP password. By the time I realized my FTP client had failed to authenticate it was too late: I was locked out of my own webserver.

Depending on the number of failed attempts, you could be locked out for a few minutes or for a two-week period. To regain access to your server, you can simply configure your web browser to use a proxy server. This way the incoming connection will be made from an IP address other than the one blocked by cPHulk.

Once you’re logged in, go into your cPHulk panel and click on the Flush DB button. That’s it! You have regained access. Now be careful next time!
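To make the threshold behaviour described above concrete (an IP or account is blocked after N failed attempts for a configured period, and the Flush DB button clears every block), here is a small model of that lockout logic run over a few constructed log lines. It is an added example, not cPHulk's own code: the log format, the IP addresses, the thresholds and the optional admin whitelist are all assumptions made for the illustration. It reproduces the FTP-client scenario from this post, where a client retrying a stale password locks the admin's own IP out even when the next login would use the correct password.

```python
"""Threshold-based lockout model for failed authentication attempts.

Added example: this is NOT cPHulk's own code. It models the behaviour the post
describes (block an IP or an account after N failed attempts for a configured
duration; "Flush DB" forgets every block) so the lockout caused by a retrying
FTP client can be reproduced offline. The log line format, IP addresses and
thresholds below are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<date> <time> <service> auth <ok|failed> user=<name> ip=<addr>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<service>\w+) auth (?P<result>ok|failed) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


class LockoutGuard:
    """Counts failed logins per source IP and per account inside a sliding window."""

    def __init__(self, max_failures=5, window=timedelta(minutes=5),
                 block_for=timedelta(minutes=15), whitelist=()):
        self.max_failures = max_failures
        self.window = window
        self.block_for = block_for
        self.whitelist = set(whitelist)     # hypothetical admin IPs that are never counted
        self.failures = defaultdict(list)   # "ip:..." / "user:..." -> failure timestamps
        self.blocked = {}                   # same keys -> datetime when the block expires

    def _blocked(self, key, now):
        until = self.blocked.get(key)
        if until is None:
            return False
        if now >= until:
            del self.blocked[key]           # block has expired, forget it
            return False
        return True

    def _note_failure(self, key, now):
        recent = [t for t in self.failures[key] if now - t <= self.window]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) >= self.max_failures:
            self.blocked[key] = now + self.block_for
            self.failures[key] = []

    def process(self, line):
        """Return 'blocked', 'failed' or 'ok' for one log line."""
        m = LOG_RE.match(line)
        if not m:
            raise ValueError("unrecognised log line: " + line)
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["ip"] in self.whitelist:
            return "ok" if m["result"] == "ok" else "failed"
        keys = ("ip:" + m["ip"], "user:" + m["user"])
        # A block on either the source IP or the account rejects the attempt
        # before the password is checked: this is auth-level, not firewall-level.
        if any(self._blocked(k, now) for k in keys):
            return "blocked"
        if m["result"] == "ok":
            return "ok"
        for k in keys:
            self._note_failure(k, now)
        return "failed"

    def flush(self):
        """Equivalent of the Flush DB button: forget every block and counter."""
        self.blocked.clear()
        self.failures.clear()


# Constructed scenario: an FTP client retries a stale password from the admin's
# own IP three times, then the admin logs into WHM with the right password.
SAMPLE_LOG = [
    "2008-01-14 09:00:01 ftp auth failed user=admin ip=203.0.113.5",
    "2008-01-14 09:00:02 ftp auth failed user=admin ip=203.0.113.5",
    "2008-01-14 09:00:03 ftp auth failed user=admin ip=203.0.113.5",
    "2008-01-14 09:01:00 whm auth ok user=root ip=203.0.113.5",
    "2008-01-14 09:12:00 whm auth ok user=root ip=203.0.113.5",
]


def replay(lines, guard=None):
    """Feed log lines through a guard (3 failures -> 10 minute block by default)."""
    if guard is None:
        guard = LockoutGuard(max_failures=3, block_for=timedelta(minutes=10))
    return [guard.process(line) for line in lines]


def lockout_then_flush():
    """Two-week block on the admin's IP, then Flush DB restores access."""
    guard = LockoutGuard(max_failures=3, block_for=timedelta(days=14))
    for line in SAMPLE_LOG[:4]:
        guard.process(line)
    before = guard.process("2008-01-14 09:02:00 whm auth ok user=root ip=203.0.113.5")
    guard.flush()
    after = guard.process("2008-01-14 09:02:05 whm auth ok user=root ip=203.0.113.5")
    return before, after


def whitelisted_admin():
    """A whitelisted IP can fail repeatedly without ever being blocked."""
    guard = LockoutGuard(max_failures=3, whitelist={"198.51.100.7"})
    lines = [f"2008-01-14 09:00:0{i} ftp auth failed user=admin ip=198.51.100.7"
             for i in range(1, 5)]
    return [guard.process(line) for line in lines]


if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

Running the replay gives `failed, failed, failed, blocked, ok`: the fourth line is rejected despite the correct password because the IP is still blocked, and the fifth succeeds only because the ten-minute block has expired. The whitelist is the piece commenters below ask for; in this model a trusted IP is never counted, which is the property an admin-whitelist needs so that a misbehaving client cannot lock the administrator out.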

8 responses so far

1. Response by : Gary on Jun 21, 2008 at 8:52 am

Problem is, you lose control, with BFD you can control everything through the rules.
No whitelist for the admin, thus you can lock yourself out.
Docs suck on this. Does it use APF? Then how does it block? How much CPU is this going to cost me?
Why does it let the attacker still attack? Wasting my bandwidth?
Details!

2. Response by : Stephane Brault on Jun 21, 2008 at 2:26 pm

Hi Gary,

cpHulk restricts access at the user authentication level while APF/BFD uses iptables to block access at the server level.

Unfortunately I don’t know of any way to whitelist some IPs with cpHulk. In fact I have a web server that’s running both APF and cpHulk.

3. Response by : cPanel Basics: How To Block Access By IP Address on Jul 9, 2008 at 1:06 pm

[...] there are some automated solutions to this (like APF or cpHulk), there are times when human intervention is [...]

4. Response by : Chuc on May 21, 2009 at 3:44 pm

You can go to a different PC with a different IP address.
Log in to your WHM.
Go to Security Center > cPHulk Brute Force Protection > then flush the blocked IP’s.
This should let you back in.

5. Response by : Steve on Aug 3, 2009 at 11:57 pm

Excellent simple article, thanks.
Do you have any idea why my cpHulk database is flushing itself automatically after every failed attempt? It’s not emailing me about them any more either.

I might have changed a setting somewhere????

6. Response by : The Web Hosting Hero on Aug 4, 2009 at 8:44 am

@Steve: good question. Blocked IPs are stored in a MySQL database so I have a hard time figuring out how it can be flushed automatically.

I don’t feel like locking myself out of my server to do some testing right now but out of curiosity, does cpHulk clear its database when it starts? Could it be caused by a service that’s crashing / restarting and then flushing the cphulk database?

7. Response by : Steve on Aug 4, 2009 at 3:39 pm

Yesterday I watched the list of failed logins grow until it was registered as a brute force attack. I just kept reloading the list while on the page, and did a whois on them at the same time. Logged out and brought it up on another computer and the list was gone.
I’m not prepared to lock myself out with more testing either. How necessary is cPHulk, really? If I disable it, will there really be a danger?

8. Response by : POed on Jan 7, 2010 at 4:01 pm

Even when you whitelist yourself it still locks you out. Good potential but only written half well. It should not lock out the root admin under any circumstances. Poor code, poor implementation.
