Let us learn more about cphulk brute force protection and how to set it up with the assistance of our Bobcares’ Server management support services.

Overview of Cphulk brute force protection

This interface enables us to setup cPHulk, a service that protects the server against brute force attacks. A brute force assault employs an automated technique to guess the web server or services’ password.

cPhulk keeps an eye on the following web servers and services:

• cPanel services (Port 2083).
• WHM services (Port 2087).
• Mail services (Dovecot and Exim).
• The Pure-FTPd service.
• Secure Shell (SSH) access.

cPHulk does not disclose itself as the source of a block when it blocks an IP address or account. Instead, the login page shows the following message:

The login is no longer valid

How to Enable cPHulk

Set the toggle to On to activate cPHulk on the server. By following these procedures, we can enable cPHulk Brute Force Protection in cPanel:

1. Enter the username and password for cPanel.
2. In the cPanel dashboard, click the “Security” or “Security Center” icon.
3. Choose the “cPHulk Brute Force Protection” option.
4. Choose the “Enable Protection” option.
5. Modify the security settings to get the required level of security. We may tweak the scoring system, whitelist or blacklist IP addresses, and set up email alerts for prohibited IP addresses.
6. To save the settings, click the “Save” button.

If activated, cPHulk Brute Force Protection will monitor server login attempts and ban IP addresses that fail to log in frequently.

The cPHulk Brute Force Protection interface allows us to examine and manage the list of prohibited IP addresses.

Setup settings: Cphulk brute force protection

We can setup the following options:

Username-based protection

• Username-based Protection:

  Whether or not to enable the username-based security settings. To enable the Username-based Protection option, change it to On.  This code tracks Login attempts for user accounts.

  Existing account locks will be retained when we disable cPHulk. This option is active by default.
• Period of Brute Force Protection (in minutes):

  The amount of time cPHulk spends measuring all login attempts to a given user’s account. This option is set to 5 by default.
• Maximum Failures by Account:

  The maximum number of failures allowed per account during the Brute Force Protection Period (in minutes). This option is set to 15 by default.
• Apply protection…:

  To control how cPHulk implements its protection, select one of the following options:

  a: Apply protection to local addresses only:

  Restrict username-based protection to just triggering on requests coming from the local system. This prevents a person from brute forcing additional accounts on the same server. This is the standard setting.

  b: Apply protection to local and remote addresses:

  Enable username-based security to be triggered for all queries, regardless of origin.

  c: Allow username protection to lock the “root” user:

  Whether or not to apply username-based security restrictions to the root user. This checkbox is deselected by default.

IP Address-based protection

• IP Address-based Protection:

  Whether or not to enable the IP address-related security settings. To enable the IP Address-based Protection option, toggle it to On.

  It tracks Login attempts from certain IPs.  It will retain existing account locks if cPHulk is not active. This option is active by default.
• IP Address-based Brute Force Protection Period (in minutes):

  The amount of time cPHulk spends measuring all login attempts from an attacker’s IP address. The following is classified as a brute force attack by cPHulk.

  a: Attackers from a given IP address attempt to log in several times using different usernames and passwords.

  b: They achieve the value of Maximum Failures per IP Address.
• Maximum Failures per IP Address:

  The number of attempts a prospective attacker at a certain IP address can make before cPHulk blocks that IP address.

  When we set this value to 0, cPHulk will prevent all login attempts. (this includes the root account). We must whitelist the IP address to avoid being in the lock out. This option is set to 5 by default.
• When an IP address triggers Brute Force Protection, use this command:

  When an IP address triggers brute force protection, the entire path to a command that we want the system to perform.
• If IP addresses trigger brute force protection, they are blocked at the firewall level:

  Whether we want the firewall to automatically add IP addresses that trigger brute force protection.

[Need assistance with similar queries? We are here to help]

Conclusion

To sum up we have now learned more about cphulk brute force protection. With the support of our Server management support services at Bobcares we have now seen how to enable and setup the brutal force.