To make your site and network more secure, you should install and take advantage of proper safeguarding software. Firewalls, anti-malware, and anti-virus programs are must-haves.
Aside from firewalls, malware protection, and anti-virus programs, you should also use brute-force attack protection software. cPHulk, LFD, and BFD are three of the best examples.
cPHulk is native to cPanel. This app-level firewall blocks all login attempts from IP addresses that have repeatedly failed authentication. The restriction only applies for a set period of time, though, so keep that in mind.
Once an IP address reaches a certain threshold, the program adds it to the cPHulk blacklist and then links it to the Linux PAM system. This process then dynamically blocks the IP address from further authentication.
The cPHulk Advantage
There are plenty of advantages to using cPHulk. One is its ease of setup and management.
All you need to do is log in to your WHM account, head to the “cPHulk Brute Force Detection” option, and enable it. You can conduct all management tasks from this location. If you get blocked, SSH into the server, go to the database, and lift the ban. To prevent this in the first place, put yourself on the whitelist.
LFD & BFD
ConfigServer Firewall (CSF) has a popular extension called Login Failure Daemon, more commonly referred to as LFD. BFD (Brute-Force Detection), on the other hand, is one of the extensions of Advanced Policy Firewall (APF), another commonly used app favored on Linux servers.
Drawing on the natively provided iptables module, both LFD and BFD help make things even more secure. Although their operational procedures differ, they share certain similarities. For instance, both have scanning features designed to sift through log files for login failures that go beyond a set threshold. Once they detect this, they block the IP address. You can choose to block it temporarily or permanently.
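The log-scanning behaviour described above, as an added Python example that is not code from LFD, BFD, or cPHulk: it counts sshd "Failed password" lines per IP inside a time window and returns block decisions, either temporary or permanent. The function name `scan`, its default thresholds, and the sample log are assumptions made for illustration; applying the actual firewall rule is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Failed password" line as written to the auth log through syslog.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def scan(lines, threshold=3, window=timedelta(minutes=5),
         block_for=timedelta(hours=1), whitelist=(), year=2024):
    """Hypothetical helper. Returns (events, blocked): events lists
    (time, ip) block decisions; blocked maps ip -> expiry (None = permanent)."""
    failures = defaultdict(deque)        # ip -> times of recent failures
    blocked, events = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in whitelist:
            continue                     # not a failure, or a trusted address
        ip = m["ip"]
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip in blocked and (blocked[ip] is None or ts < blocked[ip]):
            continue                     # block still active
        q = failures[ip]
        q.append(ts)
        while ts - q[0] > window:        # forget failures outside the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = None if block_for is None else ts + block_for
            events.append((ts, ip))
            q.clear()
    return events, blocked

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    "Jan 10 12:00:01 web1 sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2",
    "Jan 10 12:00:03 web1 sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2",
    "Jan 10 12:00:04 web1 sshd[1003]: Accepted password for deploy from 198.51.100.7 port 50000 ssh2",
    "Jan 10 12:00:06 web1 sshd[1004]: Failed password for root from 203.0.113.5 port 40003 ssh2",
    "Jan 10 12:01:00 web1 sshd[1005]: Failed password for alice from 192.0.2.10 port 41000 ssh2",
    "Jan 10 12:02:00 web1 sshd[1006]: Failed password for bob from 198.51.100.20 port 42000 ssh2",
    "Jan 10 12:02:01 web1 sshd[1007]: Failed password for bob from 198.51.100.20 port 42001 ssh2",
    "Jan 10 12:02:02 web1 sshd[1008]: Failed password for bob from 198.51.100.20 port 42002 ssh2",
    "Jan 10 12:09:00 web1 sshd[1009]: Failed password for alice from 192.0.2.10 port 41001 ssh2",
    "Jan 10 12:10:00 web1 sshd[1010]: Failed password for alice from 192.0.2.10 port 41002 ssh2",
]
```

With `198.51.100.20` whitelisted, only `203.0.113.5` is blocked; the three failures from `192.0.2.10` are spread over more than five minutes and never reach the threshold inside one window.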
The LFD and BFD Advantage
One advantage of enabling LFD and BFD is that once an IP address is added with a DROP rule through iptables, it can no longer connect to your server until you remove the rule. Since no connection can be established, no further login attempts can be made from that IP. Most system administrators and managers prefer this type of behavior.
The Bottom Line
All of these brute-force protection features will help you efficiently mitigate the extremely damaging effects of brute-force attacks. Whether attackers focus on your files, documents, applications, servers, or the entire site itself, you should never underestimate the power of cPHulk, LFD, and BFD. The earlier you make use of them, the better and more secure you will feel.