Bobcares

cPHulk Brute Force Protection: Complete Guide

by | Apr 11, 2023

Let us learn more about cphulk brute force protection and how to set it up with the assistance of our Bobcares’ Server management support services.

Overview of Cphulk brute force protection

cphulk brute force protection

This interface enables us to setup cPHulk, a service that protects the server against brute force attacks. A brute force assault employs an automated technique to guess the web server or services’ password.

cPhulk keeps an eye on the following web servers and services:

  • cPanel services (Port 2083).
  • WHM services (Port 2087).
  • Mail services (Dovecot and Exim).
  • The Pure-FTPd service.
  • Secure Shell (SSH) access.

cPHulk does not disclose itself as the source of a block when it blocks an IP address or account. Instead, the login page shows the following message:

The login is no longer valid

How to Enable cPHulk

Set the toggle to On to activate cPHulk on the server. By following these procedures, we can enable cPHulk Brute Force Protection in cPanel:

  1. Enter the username and password for cPanel.
  2. In the cPanel dashboard, click the “Security” or “Security Center” icon.
  3. Choose the “cPHulk Brute Force Protection” option.
  4. Choose the “Enable Protection” option.
  5. Modify the security settings to get the required level of security. We may tweak the scoring system, whitelist or blacklist IP addresses, and set up email alerts for prohibited IP addresses.
  6. To save the settings, click the “Save” button.

If activated, cPHulk Brute Force Protection will monitor server login attempts and ban IP addresses that fail to log in frequently.

The cPHulk Brute Force Protection interface allows us to examine and manage the list of prohibited IP addresses.

Setup settings: Cphulk brute force protection

We can setup the following options:

Username-based protection

  • Username-based Protection:

    Whether or not to enable the username-based security settings. To enable the Username-based Protection option, change it to On.  This code tracks Login attempts for user accounts.

    Existing account locks will be retained when we disable cPHulk. This option is active by default.

  • Period of Brute Force Protection (in minutes):

    The amount of time cPHulk spends measuring all login attempts to a given user’s account. This option is set to 5 by default.

  • Maximum Failures by Account:

    The maximum number of failures allowed per account during the Brute Force Protection Period (in minutes). This option is set to 15 by default.

  • Apply protection…:

    To control how cPHulk implements its protection, select one of the following options:

    a: Apply protection to local addresses only:

    Restrict username-based protection to just triggering on requests coming from the local system. This prevents a person from brute forcing additional accounts on the same server. This is the standard setting.

    b: Apply protection to local and remote addresses:

    Enable username-based security to be triggered for all queries, regardless of origin.

    c: Allow username protection to lock the “root” user:

    Whether or not to apply username-based security restrictions to the root user. This checkbox is deselected by default.

IP Address-based protection

  • IP Address-based Protection:

    Whether or not to enable the IP address-related security settings. To enable the IP Address-based Protection option, toggle it to On.

    It tracks Login attempts from certain IPs.  It will retain existing account locks if cPHulk is not active. This option is active by default.

  • IP Address-based Brute Force Protection Period (in minutes):

    The amount of time cPHulk spends measuring all login attempts from an attacker’s IP address. The following is classified as a brute force attack by cPHulk.

    a: Attackers from a given IP address attempt to log in several times using different usernames and passwords.

    b: They achieve the value of Maximum Failures per IP Address.

  • Maximum Failures per IP Address:

    The number of attempts a prospective attacker at a certain IP address can make before cPHulk blocks that IP address.

    When we set this value to 0, cPHulk will prevent all login attempts. (this includes the root account). We must whitelist the IP address to avoid being in the lock out. This option is set to 5 by default.

  • When an IP address triggers Brute Force Protection, use this command:

    When an IP address triggers brute force protection, the entire path to a command that we want the system to perform.

  • If IP addresses trigger brute force protection, they are blocked at the firewall level:

    Whether we want the firewall to automatically add IP addresses that trigger brute force protection.

[Need assistance with similar queries? We are here to help]

Conclusion

To sum up we have now learned more about cphulk brute force protection. With the support of our Server management support services at Bobcares we have now seen how to enable and setup the brutal force.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF