BuycPanel Blog

How do you get Protection Against Brute Force Attacks Using cPHulk?

Posted by Allura on 05 03 2019.

To use this feature, navigate to WHM >> Home >> Security Center >> cPHulk Brute Force Protection.

Introduction

cPHulk is a service that protects your server against brute force attacks, and this interface lets you configure it. A brute force attack uses an automated system to guess the password of your web server or services.

The services monitored by cPHulk are:

  • Secure Shell (SSH) access
  • The PureFTPd service
  • Mail services (Dovecot and Exim)
  • cPanel services (Port 2083)
  • WHM services (Port 2087)

Some Points to Remember:

  • When cPHulk blocks an IP address, it does not identify itself as the source of the block. The warning message “The login is invalid” is displayed instead.
  • To keep the root user account from getting locked out, add your own IP address to the whitelist.
  • Even if cPHulk locks out one, several, or all accounts on your server, you can still authenticate to your server using public keys, API tokens, and access hashes.
  • The Create Support Ticket interface (WHM >> Home >> Support >> Create Support Ticket) automatically adds cPanel Support’s IP addresses to cPHulk’s whitelist.

Enabling cPHulk

  • To enable cPHulk on the server, set the toggle to On.
  • When the UseDNS setting is enabled in the /etc/ssh/sshd_config file, PAM (Pluggable Authentication Modules) receives the hostname from UseDNS. PAM ships with WHM and cPanel and handles SSH session authentication. cPanel requests authentication information from PAM to determine whether a login attempt is a brute force attack.
  • The system disables the UseDNS setting when you enable cPHulk. If an attacker spoofs a DNS pointer record to pass as a trusted hostname, the UseDNS setting and cPHulk’s whitelist conflict, and the attacker gets unlimited login attempts to brute force the server.
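
A check for the UseDNS setting described above, as an added example that is not part of the original article or cPanel's own tooling. The function names `usedns_value` and `audit_usedns` and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the UseDNS value sshd would read from a config file.
# sshd keeps the first value it obtains for a keyword and treats keywords as
# case-insensitive; the parser also accepts Keyword=value (as in `sshd -o`).
# Include files are not followed; on a live host compare with `sshd -T`.

usedns_value() {   # $1: path to an sshd_config file; prints the value or "unset"
    awk '
        /^[ \t]*#/ { next }                 # comment line
        NF == 0    { next }                 # blank line
        {
            sub(/[ \t]*=[ \t]*/, " ")       # normalise "Keyword=value"
            key = tolower($1); val = $2; gsub(/"/, "", val)
            if (key == "match") exit        # UseDNS is only valid before Match blocks
            if (key == "usedns") { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_usedns() {   # returns 0 = disabled, 1 = needs attention, 2 = relies on default
    case "$(usedns_value "$1")" in
        no)    echo "OK: UseDNS is explicitly disabled in $1"; return 0 ;;
        yes)   echo "WARN: UseDNS is enabled in $1; hostnames from PTR records reach PAM"; return 1 ;;
        unset) echo "INFO: UseDNS not set in $1; OpenSSH 6.8 and later default to no"; return 2 ;;
        *)     echo "WARN: unrecognised UseDNS value in $1"; return 1 ;;
    esac
}

# Constructed sample: the commented line is ignored and the first live value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#UseDNS no
Port 22
usedns yes
UseDNS no
EOF
audit_usedns "$sample" || true    # this sample produces the WARN line
rm -f "$sample"
```

On a server, point `audit_usedns` at /etc/ssh/sshd_config after enabling cPHulk to confirm the setting was turned off.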

For example, this is how cPHulk responds to a hacking scenario:

  • Address: 192.168.0.1
  • Password: hacker uses different passwords every time
  • Number of attempts: 5 to 9
  • Duration: 5 minutes
  • cPHulk’s response: lock the username account for 5 minutes

Conclusion

All the facts about cPHulk have been covered in this article.