CSF, cPHulk or both?
I'm currently running both CSF (lfd) and cPHulk simultaneously.
1. When CSF lfd (login failure deamon) blocks a user, I'm able to display a simple HTML message explaining why the block occured.
2. When cPHulk blocks a user, all they see is "Wrong password message", which is annoying because users don't know what they did wrong.
My question: Does it even make sense to run both services? Could I just disable cPHulk?
What is your recipe?
-
Hello :) Some users do choose to disable cPHulk when using CSF/LFD to prevent brute force attacks. Both services offer protection from brute force attempts, so it's a user-preference if you want to use both of them. . When cPHulk blocks a user, all they see is "Wrong password message", which is annoying because users don't know what they did wrong.
This is by design to help prevent attackers from determining if a username exists on a system. Thank you.0 -
Hi Michael, thanks for the explanation :) But - does cPHulk offer some level of protection CSF doesn't? 0
Please sign in to leave a comment.
Comments
3 comments