cPHulk Brute Force Protection

cPHulk provides protection from brute force attacks against your web services.

cPHulk is Enabled
Username-based Protection

Username-based protection tracks login attempts for user accounts. When disabled, cPHulk will not lock user accounts, but existing account locks will remain.

IP Address-based Protection

IP Address-based protection tracks login attempts from specific IP addresses. When disabled, cPHulk will not block IP addresses, but existing blocks will remain.

The following variables may be used in commands:

  • %exptime% - The Unix time when brute force protection will release the block
  • %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
  • %current_failures% - Number of current failures
  • %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
  • %reason% - The reason for the block
  • %remote_ip% - The blocked IP address
  • %authservice% - The last service to request authentication (for example, webmaild)
  • %user% - The last username to request authentication
  • %logintime% - The time of the request
  • %ip_version% - The IP version (4 or 6)

One-day Blocks

The following variables may be used in commands:

  • %exptime% - The Unix time when brute force protection will release the block
  • %max_allowed_failures% - Maximum allowed failures to trigger this type (excessive or non-excessive failures)
  • %current_failures% - Number of current failures
  • %excessive_failures% - 0 (not an excessive login failure) or 1 (an excessive login failure)
  • %reason% - The reason for the block
  • %remote_ip% - The blocked IP address
  • %authservice% - The last service to request authentication (for example, webmaild)
  • %user% - The last username to request authentication
  • %logintime% - The time of the request
  • %ip_version% - The IP version (4 or 6)

Login History
Notifications

Note: Users can enable login notifications in the Contact Information area inside of cPanel.

Whitelist

Note: IP addresses on the whitelist can always log in to your server.
Page Size

Displaying 0 to 0 out of 0 records

IP Address Comment Actions
The whitelist is empty.

Blacklist

Note: IP addresses on the blacklist can never log in to your server.
Page Size

Displaying 0 to 0 out of 0 records

IP Address Comment Actions
The blacklist is empty.

Failed Logins

The system counts Failed Logins for the duration of the specified period, which is currently set to “360” minutes.

User IP Address Service Authentication Service Login Time Expiration Time Minutes Remaining
The Failed Logins list is empty.