How do you get Protection Against Brute Force Attacks Using cPHulk?
Posted by Allura on 05 03 2019.
To use this feature, navigate to WHM >> Home >> Security Center >> cPHulk Brute Force Protection.
cPHulk is a service that protects your server against brute force attacks, and this interface lets you configure it. A brute force attack uses an automated system to guess the password of your web browser or services.
The services monitored by cPHulk are:
- Secure Shell (SSH) access
- The PureFTPd service.
- Mail services (Dovecot and Exim)
- cPanel services (Port 2083)
- WHM services (Port 2087)
Some Points to Remember:
- cPHulk does not identify itself as the source of the block when it blocks an IP address. Instead, the warning message “The login is invalid” is displayed.
- To keep the root user account from getting locked out, it is advisable to add your own IP address to the whitelist.
- Even if cPHulk locks one, several, or all accounts on your server, you can still authenticate to your server using public keys, API tokens, and access hashes.
- The Create Support Ticket interface (WHM >> Home >> Support >> Create Support Ticket) automatically adds cPanel Support’s IP addresses to cPHulk’s whitelist.
- To enable cPHulk on the server, all you have to do is set the toggle to On.
- By default, the UseDNS setting is enabled in the /etc/ssh/sshd_config file. With UseDNS enabled, PAM (the Pluggable Authentication Module) receives the hostname for SSH session authentication. PAM ships with WHM and cPanel. cPanel requests authentication information from PAM to determine whether a login attempt is a brute force attack.
- The system disables the UseDNS setting when you enable cPHulk. This is because the UseDNS setting conflicts with cPHulk’s whitelist: if an attacker spoofs a DNS pointer (PTR) record to pass off as a trusted hostname, the attacker gets unlimited login attempts to carry out a brute force attack on the server.
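The UseDNS point above can be checked on a host. The following is an added example, not part of the original article and not cPanel's code: a shell function that reports which UseDNS value an sshd_config file would apply, run here against a constructed sample file. The function names and sample contents are assumptions for illustration, and Include directives are not followed.

```sh
#!/bin/sh
# Added example (not cPanel code): report the UseDNS value that an
# sshd_config file would apply. sshd keeps the first value it reads for a
# keyword; keywords are case-insensitive and may be followed by "=".
# Assumption: Include directives are not followed.

effective_usedns() {
    # $1: path to an sshd_config-style file. Prints yes, no, or unset.
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # drop leading whitespace
            if (line == "" || line ~ /^#/) next   # skip blanks and comments
            n = match(line, /[ \t=]+/)            # keyword/value separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            if (key != "usedns") next
            val = substr(line, n + RLENGTH)
            gsub(/[ \t"]+/, "", val)              # strip spaces and quotes
            print tolower(val); found = 1; exit   # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

usedns_verdict() {
    # Map the effective value to what it means once cPHulk is enabled.
    case "$(effective_usedns "$1")" in
        no)    echo "ok: UseDNS is off" ;;
        yes)   echo "risk: UseDNS is on, PTR hostnames reach authentication" ;;
        unset) echo "check: UseDNS not set, confirm with: sshd -T" ;;
        *)     echo "check: unrecognised UseDNS value" ;;
    esac
}

# Constructed sample file: a commented-out line, then two conflicting values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#UseDNS yes
UseDNS no
usedns yes
EOF
usedns_verdict "$sample"    # the first uncommented value (no) is the one used
rm -f "$sample"
```

On a live server, point `usedns_verdict` at /etc/ssh/sshd_config and compare the result with the `usedns` line printed by `sshd -T`.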
For example, this is how cPHulk will respond to a hacking scenario:
- Address: 192.168.0.1
- Password: the hacker uses a different password every time
- Number of attempts: 5 to 9
- Duration: 5 minutes
- cPHulk’s response: lock the username account for 5 minutes
All the facts about cPHulk have been covered in this article.