
Setting up CPhulk to ban for 3 months

  • cPanelMichael
    Hello, Have you tried updating "IP Address-based Brute Force Protection Period (in minutes)" to a value such as 129600? That's equivalent to 90 days. Thank you.
    0
  • Pete1959
    Yes, but the one day ban section. What do I do there? That seems to override the two other sections. Here is my current setup - Removed -
    0
  • cPanelMichael
    You can set the one day value to a higher number so it's not triggered, and so only the "IP Address-based Brute Force Protection Period (in minutes)" is utilized. However, if you are seeking native support for an option to change 1-day to 3-day in the interface, then it's a good idea to open a feature request:
    0
  • Pete1959
    I thought I did that but still they were only getting banned for 1 day.
    0
  • cPanelMichael
    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • Pete1959
    If you can give me the 5 figures I should insert into the 5 fields shown in my pic above, to get the end result then I will try once more and report if it does not work. I want to simply have anyone that has 4 wrong password attempts to be banned for 3 months. thanks
    0
  • cPanelMichael
    Change "Brute Force Protection Period (in minutes)" to 5. Change "Maximum Failures per IP Address before the IP Address is Blocked for One Day" to a high value, such as "9999999". Thank you.
    0
  • Pete1959
    ? That doesn't sound like it will block for 3 months on 4 wrong attempts. Pls re-explain. Could the problem be that I am on a VPS running on Virtuozzo?? I have the "Maximum Failures per IP Address before the IP Address is Blocked for One Day" setting set to 50. The other 2 set to 4 attempts to block for 3mths in minutes. It still blocks only for one day...
    0
  • Pete1959
    So I changed the Login History Duration for Retaining Failed Logins (in minutes) to 131487, and now when I go to history the blocks work for 3 months, e.g.:

      ftp pure-ftpd 2015-03-26 15:56:35 to 2015-06-25 22:23:35 131417 minutes remaining

    Whew
    0
  • cPanelMichael
    I am happy to see the issue is now resolved. Thank you for updating us with the outcome.
    0
  • Pete1959
    As it was a bit confusing for me to get a 3 month ban I thought I would show my settings here for others to see. The thing that made the difference was the last setting, keeping the login history for same setting as the others above. Hope it helps some others out there scratching their head like I was. - Removed - Please Attach Images to Posts -
    0
  • ideafrog
    OK - I need some clarification. In previous versions of cPHulk, I was able to configure so that someone was banned for up to two weeks.

    My Settings:

    User Based Protection
      Brute Force Protection Period: (in minutes) 20 [this is the time period within which the server monitors for incorrect access attempts]
      Maximum Failures by Account: 3 (I only want to allow for 3 attempts before that user is blocked)

    IP Address-based Protection
      IP Address-based Brute Force Protection Period (in minutes): 20 [the monitored period]
      Maximum Failures per IP Address: 3

    One-Day Protection ****
      Maximum Failures per IP Address before the IP Address is Blocked for One Day: 3

    Login History Duration for Retaining Failed Logins (in minutes): 20160 (two weeks)

    PROBLEM: When I review the logs:
      • Failed Logins shows multiple accounts and has the 20610 period and counting down
      • Blocked Users is empty
      • Blocked IP Addresses is empty
      • One-Day Blocks has a list of IPs that "IP reached maximum auth failures for a one day block" and at most are blocked for ONE day ***

    Objective: When someone fraudulently tries to log into my server, their IP is blocked for a period of time (ideally that I can configure). In the settings above, I have it configured to monitor logins, and when 3 failures occur within a 20 minute period, it is locked down - however I cannot find a combination that allows me to block it for more than one day - and I cannot log in every day to blacklist IPs (too time consuming!)

    HOW do I increase the period to block the IP from being able to attempt to log in beyond One Day (denoted by the *** above)?? In an ideal world, if the IP was blocked - it would be added to the blacklist therefore never able to attempt again. Because it is only a SINGLE DAY, attempts are being made CONSTANTLY against the server - utilizing resources and putting it at risk. Please advise if I am misunderstanding something.
    0
  • cPanelMichael
    IP Address-based Brute Force Protection Period (in minutes): 20 [the monitored period]

    This is not the time frame of the monitored period. It's the number of minutes during which cPHulk blocks an attacker's IP address. You can increase this to block an IP address for a longer period of time. Thank you.
    0
  • Wabun
    As it was a bit confusing for me to get a 3 month ban I thought I would show my settings here for others to see. The thing that made the difference was the last setting, keeping the login history for same setting as the others above. Hope it helps some others out there scratching their head like I was. - Removed - Please Attach Images to Posts -

    @Pete1959, have you considered installing CSF?
    0
  • vlee
    Due to some recent issues that I had with CSF I had to uninstall CSF and only use Brute Force Protection. CSF was great for many years until lately it started showing issues and blocking everything and causing all my servers to go down. So here is my Brute Force Protection Settings below.

    User Based Protection
      Brute Force Protection Period: (in minutes) 15
      Maximum Failures by Account: 5

    IP Address-based Protection
      IP Address-based Brute Force Protection Period (in minutes): 30
      Maximum Failures per IP Address: 10

    One-Day Protection
      Maximum Failures per IP Address before the IP Address is Blocked for One Day: 15

    Login History Duration for Retaining Failed Logins (in minutes): 129600

    Until the vendor of CSF fixes the issues I am staying this way for the time being.

    Note: I am also running COMODO ModSecurity Rules for Apache Rule Set on all servers.
    0
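
The three setting interactions reported across this thread, collected into a small checker. This is an added example, not part of any post and not cPanel code: the dictionary keys are hypothetical names for the WHM form fields, the rules encode what the posters observed rather than a cPHulk specification, and two of the sample configurations are constructed.

```python
# Added example. Keys are hypothetical names for the WHM form fields discussed
# in the thread; they are not cPanel configuration keys.

def check_settings(s, wanted_ban_min):
    """Return (code, message) findings for why a ban may end before wanted_ban_min."""
    findings = []
    # cPanelMichael: the IP-based period is the block length, not the monitored window.
    if s["ip_period_min"] < wanted_ban_min:
        findings.append(("IP_PERIOD_SHORT",
            "IP-based period is %d min; the wanted ban is %d min"
            % (s["ip_period_min"], wanted_ban_min)))
    # A one-day threshold at or below the per-IP threshold is reached no later
    # than the per-IP one, so the one-day block applies (ideafrog's logs).
    if s["one_day_max_failures"] <= s["ip_max_failures"]:
        findings.append(("ONE_DAY_SHADOWS",
            "one-day threshold %d <= per-IP threshold %d"
            % (s["one_day_max_failures"], s["ip_max_failures"])))
    # Pete1959: blocks lasted 3 months only once retention matched the period.
    if s["history_retention_min"] < s["ip_period_min"]:
        findings.append(("HISTORY_SHORT",
            "login history kept %d min, shorter than the %d min block"
            % (s["history_retention_min"], s["ip_period_min"])))
    return findings

def codes(s, wanted_ban_min):
    return [code for code, _ in check_settings(s, wanted_ban_min)]

# Values from ideafrog's post (goal: a two-week block).
IDEAFROG = {"ip_period_min": 20, "ip_max_failures": 3,
            "one_day_max_failures": 3, "history_retention_min": 20160}
# Constructed: the 90-day setup the replies converge on.
NINETY_DAY = {"ip_period_min": 129600, "ip_max_failures": 4,
              "one_day_max_failures": 9999999, "history_retention_min": 129600}
# Constructed: long block period, but failed logins kept for only one day.
SHORT_HISTORY = {"ip_period_min": 129600, "ip_max_failures": 4,
                 "one_day_max_failures": 50, "history_retention_min": 1440}

if __name__ == "__main__":
    for name, cfg, wanted in (("ideafrog", IDEAFROG, 20160),
                              ("ninety_day", NINETY_DAY, 129600),
                              ("short_history", SHORT_HISTORY, 129600)):
        print(name, check_settings(cfg, wanted) or "no findings")
```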
