What is a brute force attack?
Ever get frustrated when you get locked out of an account after several failed password attempts?
While frustrating, this is a security measure used to ensure that malicious software doesn’t successfully muscle its way into your private user or customer data. In a brute force attack, an attacker attempts to enter a user account by repeatedly entering arbitrary passwords. While this method of hacking isn’t particularly refined, it can and does work. That makes protecting yourself even more important.
How cPHulk works
cPHulk is included as part of all cPanel & WHM installations and can be used to monitor and block all login attempts made to cPanel, WHM, FTP, email, and SSH. It provides administrators with a variety of ways to combat brute force attacks both automatically and manually, and cPHulk can even be used to block malicious IP addresses in your firewall.
Blocks of malicious logins can be issued in different durations from a temporary ban to a one-day or even permanent ban. The highly configurable cPHulk system allows for a great deal of control. You can specify the number of failed login attempts before an IP address is blocked, define additional actions to execute upon triggering of an automatic block, and even enable notifications to server administrators as specific events occur.
Typical settings for Brute force protection that we enforce in our servers include
- If a username fails 5 times to login then he is blocked for 10 minutes
- If someone tries 5 times and fails with different usernames from a specific IP address then he is blocked for 15 minutes
- If Failures continue and reach 20 then they are blocked for 24 hours
By enforcing the above with miltiple firewall levels and by combining this a a strong password it is virtually impossible for someone to login into the server without having the credentials