cPHulk

Brute Force Protection

cPHulk Brute Force Protection Security

Add the cPHulk Brute Force Protection service to your Linux server to provide robust brute force protection.

 

What is a “brute force login attempt”?

A brute force login attempt is usually an automated attempt to gain access to privileged assets by repeatedly providing user name and password credentials in hopes of guessing the correct combination.

Even if these attempts are ultimately unsuccessful, they can still, depending on volume, exhaust your server’s resources.

Thus it’s recommended to block brute force attempts as quickly as possible and to prevent further ones by delaying or permanently blocking whoever is making them.

What is cPHulk?

cPHulk will monitor the login attempts to your server’s core services, including:

  • cPanel services (Port 2083)

  • WHM services (Port 2087)

  • Mail services (Dovecot® and Exim)

  • The PureFTPd service

  • Secure Shell (SSH) access

NOTE: cPHulk does NOT monitor or protect WordPress. So be sure you have other security in place to protect your WordPress installation.

Based upon its configuration settings, which can be modified via WHM, cPHulk will block failed login attempts based on user name and IP address.

Note: cPHulk may not be installed by default on your server. Contact your server support to request installation.

IMPORTANT: Be sure to whitelist your own IP before proceeding to tighten restrictions.

Configuring cPHulk

To configure cPHulk, log into WHM and in the search box type cphulk.

[Image: configure cPHulk]

Whitelist Management

The first thing you should do is whitelist your own IP address. This will prevent your device from getting locked out.

Click on the Whitelist Management tab and add your IP in the box under New Whitelist Records, add a comment to identify the IP, e.g. home, and then click Add.

Do the same for any other IPs that will require access, e.g. your office or work IP.

Blacklist Management

Click on the Blacklist Management tab and add any IPs that you want to blacklist in the box under New Blacklist Records, add an optional identifying comment and then click Add.

How to easily add failed logins to your Blacklist.

On the Configuration Settings tab, scroll down to the Notifications section and put a check next to “Send a notification when the system detects a brute force user”.

[Image: cPHulk notification settings]

WHM will then send an email notification to the email address listed under WHM > Server Contacts > Edit System Preferences. Scroll down to the last section and you’ll see the following:

The system currently forwards mail for “root” to “[email protected]”. ([email protected] should show your email address.)

When a brute force user fails a login according to your preset condition, you’ll get an email which includes the following:

[Image: cPHulk email notification]

Using these links, you can choose to block either an individual IP address or an entire IP range.

Note that if you choose to block the /16 range, it will include the single IP as well as the /24 range.

When you click on the link, you’ll be directed to log in to your WHM.

Once you provide the login credentials, the IP or IP range, depending on which link you clicked, will be automatically added to the cPHulk Blacklist Management entries.

Countries Management

Next you’ll want to decide whether your server requires international access. If it does, make sure you have a list of countries that will NOT be subject to country blocking.

To block one or more countries, click the Countries Management tab. Select the countries that you want to block and then click the gear icon to open the drop-down menu.

Click “Blacklist Selected Countries” to blacklist your selections.

[Image: cPHulk Countries Management, blocking countries]

If your server’s core services are only accessed from a specific country or countries, you can click the box to the left of the Country Name column, which will select ALL countries.

Then scroll down until you see your country that requires access and REMOVE the check next to its name.

Once you’ve cleared your required countries, you can then click on the gear icon and select “Blacklist Selected Countries” (see image above).

This will effectively blacklist all countries from accessing your server’s core services except for those you’ve elected to allow.

History Reports

The History Reports tab will allow you to view reports based on the following: Failed Logins, Blocked Users, Blocked IP Addresses and One-Day Blocks.

If you have blocked countries, the Failed Logins report should only list failed logins for the countries that are NOT blocked.

This can be useful for quickly determining if a large number of blocks are originating from the same net block, in which case you may then decide to blacklist part or all of that net block.
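The netblock check described above, as an added example that is not part of the original post: a Python sketch that groups offending IPs into /24 or /16 ranges and flags any range that would also cover a whitelisted address. The addresses, the function name `netblock_candidates` and the threshold are assumptions; it does not read cPHulk data itself, so supply the IPs you see in the History Reports.

```python
import ipaddress
from collections import Counter

# Constructed sample data (private address space), standing in for the IPs
# listed in the Failed Logins / Blocked IP Addresses reports.
FAILED_LOGIN_IPS = [
    "10.20.30.5", "10.20.30.5", "10.20.30.18", "10.20.30.77",
    "10.20.30.201", "10.99.1.9", "172.16.4.44", "2001:db8::1",
]
WHITELIST = ["10.20.99.7"]  # constructed: e.g. your office IP


def netblock_candidates(ips, whitelist, prefix=24, min_distinct=3):
    """Return netblocks of the given prefix length that hold at least
    min_distinct distinct offending IPv4 addresses, busiest first."""
    trusted = [ipaddress.ip_address(w) for w in whitelist]
    distinct = Counter()   # distinct offending hosts per block
    attempts = Counter()   # total failed logins per block
    seen = set()
    for raw in ips:
        addr = ipaddress.ip_address(raw.strip())
        if addr.version != 4:
            continue  # this sketch only aggregates IPv4 /24 and /16 ranges
        block = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        attempts[block] += 1
        if addr not in seen:
            seen.add(addr)
            distinct[block] += 1
    results = []
    for block, hosts in distinct.items():
        if hosts < min_distinct:
            continue
        results.append({
            "block": str(block),
            "distinct_ips": hosts,
            "attempts": attempts[block],
            # Whitelisted addresses inside the range: review before blocking.
            "covers_whitelisted": [str(t) for t in trusted if t in block],
        })
    return sorted(results, key=lambda r: r["attempts"], reverse=True)


if __name__ == "__main__":
    for prefix in (24, 16):
        for row in netblock_candidates(FAILED_LOGIN_IPS, WHITELIST, prefix):
            print(prefix, row)
```

With the sample data, the /24 candidate covers no whitelisted address while the /16 candidate does, which is the trade-off to weigh before choosing the wider range.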

Wrapping up

cPHulk Brute Force Protection can greatly enhance the security of your server by providing an additional security layer to your server firewall.

Its user interface is clean and straightforward and does not require a high degree of technical skill to implement.

Don’t let its simplicity fool you though, as once it’s configured properly, it’s highly effective at repelling brute force login attempts.

 
