Skip to main content

cPHulkd Brute Force Notifications - Authentication failures higher than maximum number allowed

Comments

5 comments

  • cPRex Jurassic Moderator

    Hey there!  If I'm understanding you correctly, what you're seeing is normal as cPHulk *does* take into account the further access attempts even after a ban has happened.

    We do have a table at https://docs.cpanel.net/whm/security-center/cphulk-brute-force-protection/#command-variables that shows various scenarios and how long the user would be blocked for.  Is that helpful?

    0
  • Dave W

    Thanks for your reply. 

    Does the attached picture look correct to you? In my mind the maximum allowed attempts is 2 and any further attempts after that should have been blocked. But it looks (to me at least) like there have been a further 4 attempts after the block?

    0
  • cPRex Jurassic Moderator

    Yes, that seems normal - just because cPHulk has locked an account/ip address doesn't mean that someone can't still try to access the account.  You can always block the IP address in the server's firewall manually if you see many of these coming from the same IP.

    0
  • Dave W

    Thanks again for your help.

    0
  • cPRex Jurassic Moderator

    Sure thing!

    0

Please sign in to leave a comment.