Is cPHulk operating properly? cPanel email vs cPHulk blocked IPs

doulos61

• February 14, 2014 16:33

Greetings - Periodically I will emails generated by cPanel warning of a "Large Number of Failed Login Attempts from IP xxx.xxx.xxx.xxx 5 failed login attempts to account webmaster (system) -- Large number of attempts from this IP: xxx.xx.xxx.xx Origin Country: China (CN)" The contents of the email state the details of the country origin, number of attempts and etc in addition with the detailed links that will add the IP to the black/white list. If I go into cPHulk and manually enter the IP's into the blacklist, periodically I will see that it will not let me enter it because it already exists. My question are the following - If an IP is already entered into the blacklist, then why am I even getting these notifications? Is this to just let me know that they are attempting a login connection again Is the blacklist even functioning properly? I appreciate the assistance. Thnx - Shoop

• 

  vanessa

  • February 15, 2014 00:23

  Usually by the time you get the message, cphulkd has already blocked the IP. This is evident when you attempt to block it and it's already saying the IP is blocked. Keep in mind that cphulkd is an application-level firewall. It does not and cannot block an IP from connecting to the server. All it will do is prevent the IP from being able to log in.

  0
• 

  cPanelMichael

  • February 17, 2014 13:19

  Hello :) cPHulk will not automatically block IP addresses on a permanent basis. However, you can modify the following option in "WHM Home " Security Center " cPHulk Brute Force Protection" so that the IP address is blocked for a two-week period after repeated failed login attempts: "Maximum Failures Per IP before IP is blocked for two week period" I recommend using a firewall application such as CSF to block the repeated offending IP addresses from accessing your server. Thank you.

  0

Please sign in to leave a comment.