Bobcares

How to configure cPHulk settings in your server to avoid load issues

Jul 6, 2017

The Internet is an insecure place: a server that is not well secured can be attacked at any time. A brute force attack is one such attack, in which the attacker tries to log in to your server through repeated password-guessing attempts.

While the ideal way to prevent a brute force attack is to disable access to that service entirely, this is not feasible on a public web hosting server, which must be reachable from all over the world.

It is practically impossible to manually allow or deny each IP across the whole range of IP addresses. That's where a brute force protection tool becomes relevant.

What is cPHulk? How does it help?

cPHulk is a commonly used brute force protection tool that detects brute force attacks against the critical login-based services on your server, such as SSH, mail, control panel, FTP, etc.

When an attack is suspected, it disables login attempts from that IP address to the server. The blocked IP can still access the site, but when it tries to log in, an error like the following is shown:

[Image: cPHulk Block Message]

 

cPHulk can block:

  1. IP addresses from which too many failed login attempts to the services on the server were noticed.
  2. Accounts that are being actively abused by failed login attempts.

cPHulk can be enabled on cPanel servers using the ‘WHM -> Security Center -> cPHulk Brute Force Protection’ option. cPHulk has certain configuration settings, which determine the effectiveness of the protection.

If not configured with the correct parameters, these settings can either cause the protection to be ineffective in preventing the attacks or can cause valid users to be blocked unnecessarily.


Recently we were contacted by a web host whose server was responding very slowly. Our expert server specialist examined the server and found that the server load was very high.

On further investigation, our tech could see that the server was under a brute force attack, but the cPHulk settings on the server were ineffective at blocking it.

Today, we’ll look at the major parameters in the cPHulk tool and the purpose each of them serves.

How to configure cPHulk settings for effective server protection

The cPHulk settings in the configuration file are adjusted to each server's requirements and the security level needed. The following settings decide how cPHulk handles attacks.

  1. IP Based Brute Force Protection Period in minutes – The time for which an IP address is blocked on the server. This should not be set to a low value; in the case of a threat it should be at least a couple of hours.
  2. Brute Force Protection Period in minutes – This determines the time window in which login failures are counted to decide whether an IP address qualifies for a block. This should not be a high value; set it to a few minutes to avoid server load.
  3. Maximum Failures By Account – An account-specific restriction: once an account hits this limit, the entire account is blocked from further login attempts.
  4. Maximum Failures Per IP – The number of login failures that qualifies an IP for a block. Once an IP address hits this limit, it is denied further login attempts. This value should be neither too high nor too low: too high leaves the server susceptible to attack, and too low can block valid users.
  5. Maximum Failures Per IP before IP is blocked for two week period – This is a long-term block for suspicious IPs. Once an IP address hits this limit, it is blocked for two weeks.
  6. Send a notification upon successful root login when the IP is not whitelisted – This setting lets you know when someone else establishes a valid root login session to your server, so that you can take immediate action.

 

[Image: cPHulk Configuration default settings]

 

The default settings on cPanel servers are often inadequate for foolproof protection. Many web hosts overlook this, and their servers end up getting attacked.

On this particular server, ‘Maximum Failures Per IP’ was set to a high value (20), which prevented the attacking IPs from being blocked by cPHulk and left the server under attack.

After we changed the settings to effective values, the attacking IP addresses started getting blocked. This protected the server from the attack, stabilized the load and made the websites more responsive.

In addition, we also tuned the web server for optimal performance and secured the server in a 360 degree manner to avoid any vulnerabilities or exploits in it.
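The effect of that one threshold can be seen in a simplified model of the per-IP settings as the list above describes them. This is an added illustration, not cPanel's code and not from the original article; the `Policy` field names, the cumulative count used for the two-week limit, the values other than 20, and the traffic are all constructed assumptions, and the per-account limit is not modelled.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

TWO_WEEKS_MIN = 14 * 24 * 60

@dataclass
class Policy:  # hypothetical field names mirroring the settings listed above
    window_min: int        # Brute Force Protection Period
    block_min: int         # IP Based Brute Force Protection Period
    max_fail_ip: int       # Maximum Failures Per IP
    max_fail_ip_long: int  # Maximum Failures Per IP before two-week block

def simulate(events, policy):
    """events: time-ordered (minute, ip) failed logins.
    Returns (attempts that reached the login service, set of IPs blocked)."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    total = defaultdict(int)     # ip -> cumulative failures (assumption)
    blocked_until, blocked, reached = {}, set(), 0
    for minute, ip in events:
        if blocked_until.get(ip, -1) > minute:
            continue             # refused before authentication is attempted
        reached += 1
        total[ip] += 1
        q = recent[ip]
        q.append(minute)
        while q and q[0] <= minute - policy.window_min:
            q.popleft()          # forget failures older than the window
        if total[ip] >= policy.max_fail_ip_long:
            blocked_until[ip] = minute + TWO_WEEKS_MIN
        elif len(q) >= policy.max_fail_ip:
            blocked_until[ip] = minute + policy.block_min
            q.clear()
        else:
            continue
        blocked.add(ip)
    return reached, blocked

def sample_events():
    """Constructed traffic: 50 IPs, 12 failures each in 4 minutes, hourly for 6 hours."""
    ips = [f"198.51.100.{n}" for n in range(1, 51)]
    return [(h * 60 + m, ip) for h in range(6) for m in range(4)
            for _ in range(3) for ip in ips]

HIGH = Policy(window_min=5, block_min=120, max_fail_ip=20, max_fail_ip_long=100)
LOW = Policy(window_min=5, block_min=120, max_fail_ip=5, max_fail_ip_long=15)

if __name__ == "__main__":
    for name, policy in (("max 20 per IP", HIGH), ("max 5 per IP", LOW)):
        reached, blocked = simulate(sample_events(), policy)
        print(f"{name}: {reached} attempts reached login, {len(blocked)} IPs blocked")
```

With the limit at 20, all 3600 constructed attempts are processed by the login service and no IP is blocked; with the limit at 5, only 750 attempts get that far and all 50 source IPs end up blocked.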


At Bobcares, our 24/7 server specialists constantly monitor all the services in the server and proactively audit the server for any errors or corruption in them.

With our systematic debugging approach for service or other software errors, we have been able to provide an exciting support experience to the customers.

If you would like to know how to avoid downtime for your customers due to errors or other service failures, we would be happy to talk to you.

 
