CPHulk

From Acenet Knowledgebase

Security is a huge priority for the cPanel development team. Not only does cPanel make sure we are providing everything to keep our customers protected, but we also provide ways for our customers to keep their clients’ information safe as well. One of our most prized features for web, email, and server security is cPHulk. This feature, which provides great protection against brute force attacks, has been a part of our security suite for years.

What is a brute force attack?

Ever get frustrated when you get locked out of an account after several failed password attempts?

While frustrating, this is a security measure used to ensure that malicious software doesn’t successfully muscle its way into your private user or customer data. In a brute force attack, an attacker attempts to enter a user account by repeatedly entering arbitrary passwords. While this method of hacking isn’t particularly refined, it can and does work. That makes protecting yourself even more important.

How cPHulk works

cPHulk is included as part of all cPanel & WHM installations and can be used to monitor and block all login attempts made to cPanel, WHM, FTP, email, and SSH. It provides administrators with a variety of ways to combat brute force attacks both automatically and manually, and cPHulk can even be used to block malicious IP addresses in your firewall.

Blocks on malicious logins can be issued for different durations, from a temporary ban to a one-day or even permanent ban. The highly configurable cPHulk system allows for a great deal of control. You can specify the number of failed login attempts before an IP address is blocked, define additional actions to execute when an automatic block is triggered, and even enable notifications to server administrators as specific events occur.

New in cPanel version 70: Country Management

In previous versions of cPanel & WHM, server administrators could only manage their blacklists or whitelists by IP address. As of v70, hosts can block login attempts by country or provide easier access to selected regions of their choosing.

This update gives hosts greater versatility in how they protect user data. For example, if a server administrator who only does business in North America is alerted to suspicious traffic from Iceland, that host can now block all login attempts coming in from that country. Afterward, the host can still whitelist individual IP addresses from that country or remove the country from the blacklist entirely.
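
The decision order described above (whitelist first, then country blacklist, then the failed-login threshold with temporary and one-day bans) can be modelled in a few lines. This is an added example, not cPHulk's own code: the LoginGuard class, the threshold values, the escalation rule, and the small IP-to-country table standing in for a GeoIP database are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values for illustration; real limits are set by the administrator in WHM.
MAX_FAILURES = 5      # failed logins tolerated inside WINDOW
WINDOW = 300          # seconds over which failures are counted
TEMP_BAN = 900        # length of a temporary ban, in seconds
ONE_DAY = 86400       # length of a one-day ban, in seconds
ESCALATE_AFTER = 3    # assumed rule: the third ban for an IP lasts one day

class LoginGuard:  # hypothetical name
    def __init__(self, whitelist=(), blocked_countries=(), geo=None):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.blocked_countries = set(blocked_countries)
        self.geo = geo or {}               # constructed IP -> country code table
        self.failures = defaultdict(deque) # per-IP timestamps of recent failures
        self.ban_count = defaultdict(int)
        self.banned_until = {}

    def _whitelisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def allowed(self, ip, now):
        # A whitelisted IP wins over a country block and over any ban.
        if self._whitelisted(ip):
            return True
        if self.geo.get(ip) in self.blocked_countries:
            return False
        return now >= self.banned_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Count one failed login; return the ban length if it triggers a block."""
        if self._whitelisted(ip):
            return None
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()               # forget failures older than the window
        if len(recent) < MAX_FAILURES:
            return None
        recent.clear()
        self.ban_count[ip] += 1
        length = ONE_DAY if self.ban_count[ip] >= ESCALATE_AFTER else TEMP_BAN
        self.banned_until[ip] = now + length
        return length
```

Because failures are counted inside a sliding window, five failures spread over several minutes never reach the threshold here, which is the trade-off an administrator tunes when choosing the attempt limit.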