cPHulk Brute Force Protection
Posted by Matthew Jeffels, Last modified by Matthew Jeffels on 15 September 2016 11:02 AM
This section allows you to configure cPHulk, a service that provides additional protection for your server against brute force attacks. cPHulk does this by blocking IP addresses that appear to be attempting to brute force passwords, and it affects all accounts. You can prevent IP addresses from being blocked by adding them to the trusted list. As a result, we recommend adding the IP addresses you are likely to use for the root account to the trusted list.
The Configuration settings affect how cPHulk operates and how it goes about policing the server.
Username protection allows you to set a limit on login attempts for specific usernames within a certain period of time. In this example, a user could attempt to log in 5 times within 15 minutes; if they exceed this, their account would be locked temporarily.
The IP address protection works in a similar way to the username protection. If a user attempts to log in from an IP and fails more than, in this example, 5 times in 15 minutes, the IP will be blocked temporarily.
This setting allows you to set the number of login failures that one IP can have over a short period of time before the IP is blocked for one day. These are the IPs you may consider adding to blacklists if this happens frequently from those addresses.
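The counting rules described above can be modelled in a few lines of Python. This is an added example, not cPHulk's own code: the class and method names, the 30-failure one-day threshold, the 15-minute length of a temporary block and the choice not to count failures from trusted addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

WINDOW = 15 * 60       # 15-minute period from the example settings (seconds)
MAX_FAILS = 5          # failures tolerated per username or per IP in WINDOW
ONE_DAY_FAILS = 30     # assumed value: failures from one IP before a one-day block
TEMP_BLOCK = 15 * 60   # assumed length of a temporary lock or block
ONE_DAY = 24 * 60 * 60


class LoginGuard:
    def __init__(self, trusted=()):
        self.trusted = {ip_address(a) for a in trusted}
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.blocked_until = {}             # key -> time at which the block ends

    def _recent(self, key, now):
        """Add a failure for key and return how many fall inside WINDOW."""
        q = self.failures[key]
        q.append(now)
        while q[0] <= now - WINDOW:
            q.popleft()
        return len(q)

    def _block(self, key, until):
        # Never let a short block shorten a longer one already in place.
        self.blocked_until[key] = max(until, self.blocked_until.get(key, 0))

    def record_failure(self, user, ip, now):
        """Record one failed login and return the actions it triggered."""
        if ip_address(ip) in self.trusted:
            return []  # assumption: trusted addresses are not counted at all
        actions = []
        if self._recent(("user", user), now) > MAX_FAILS:
            self._block(("user", user), now + TEMP_BLOCK)
            actions.append("lock-user")
        from_ip = self._recent(("ip", ip), now)
        if from_ip > ONE_DAY_FAILS:
            self._block(("ip", ip), now + ONE_DAY)
            actions.append("block-ip-one-day")
        elif from_ip > MAX_FAILS:
            self._block(("ip", ip), now + TEMP_BLOCK)
            actions.append("block-ip")
        return actions

    def is_blocked(self, user, ip, now):
        if ip_address(ip) in self.trusted:
            return False  # the trusted list always wins
        keys = (("user", user), ("ip", ip))
        return any(self.blocked_until.get(k, 0) > now for k in keys)
```

Because the username counter is independent of the source address, a locked username stays locked for every untrusted address, which is why the root administrator's own addresses belong on the trusted list.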
The login history allows you to set how long you keep the records of failed logins.
This section allows you to set notification options when the system detects unusual or malicious activity against your server.
This is where you add the trusted IP addresses that you don't want cPHulk to ever block. From here you can add new addresses, view the current ones, and edit or delete them from the whitelist.
This allows you to add IP addresses to the whitelist. IP addresses should be added in IPv4 format. In addition, you can add a comment alongside the address.
Alongside the field to add whitelisted IPs, you can also view all currently whitelisted IPs. From here you can edit them to add comments, or delete them to remove them.
The blacklist is where you can view the IP addresses that have been blocked by cPHulk. From here you can also unblock the IP addresses of users who have accidentally triggered the protection. You can also manually add addresses here with a comment as to why they were blocked.
Like the whitelist, you can add IPs with comments using this panel.
You can also view all the currently blacklisted IPs and edit and remove them in the same way as the whitelist. Currently this server has no IPs blacklisted.
The history reports allow you to view all the logged data of users and IPs attempting to access your system. The drop-down allows you to select from specific categories, including failed logins, blocked users, blocked IPs and one-day blocks.
In the table below, you can then view additional information about the category that you have selected.