Question:

Do my settings (shown below) prevent visitors from getting to any of the public web sites on my server if their ISP's IP Address has been blocked/black-listed through cPHulk Brute Force Protection?

Background

Lately, there has been a huge rise in foreign connection attempts to my server's resources. I am trying to prevent hackers from gaining access to my server. At the same time, I do not want visitors to the sites (hosts) on my server to be prevented from gaining access to the public sites. I have set my cPHulk BFP settings as follows:

[Screenshot of the cPHulk Brute Force Protection settings]

To complete the loop on buttoning your server down, refer to my other question here --> How to Blacklist a Range of IPs in cPHulk Brute Force Attack Settings

P.S. For even quicker security, and since I do not typically forget my password or mess up during login, I have ratcheted down the three Maximum Failures settings from "4" to "3".

H. Ferrence
  • If I read this correctly, the first setting at 525949 minutes will ensure that any repeated failures (3), even spread out over this long period, will block the hacker's specific IP. The second setting for 525949 will block ALL IPs, including your own, any time any hackers fail for any account 3 times or more. According to my read of the documentation this will block ALL IPs (except perhaps white-listed ones) after any hackers try and fail 3 or more times. So, this effectively blocks ALL IPs (see http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/CPHulk). Is this correct? – rholmes Mar 02 '14 at 02:57
  • The way I understood it and set it up is that upon 3 unsuccessful attempts the attacker gets blocked for 1 year (i.e. 525949 minutes). Then with the notification boxes checked, I get an alert anytime someone is unsuccessful and even when someone is successful logging in. I have added my home office IP and work office IP to the whitelist table and I never get blocked, etc. Whenever I get an alert on an attack from an IP, I add that IP to the blacklist 123.0.0.0/8 (@rholmes) – H. Ferrence Mar 02 '14 at 11:43
  • Great - thanks for the info. Take a look at the documentation - - especially the second one "Brute force protection period in minutes" - where I have some concern (but whitelisting may save you): "In the Brute Force Protection Period in minutes field, enter a number of minutes. If several potential hacker IPs attempt to log in and reach the cPanel user's defined log in attempts during this configured time, then this will be considered a brute force attempt. All IP addresses will be blocked from logging into the cPanel user's account. In addition, this will lock the cPanel user's account." – rholmes Mar 02 '14 at 21:40
  • This question appears to be off-topic because it is about [working with a service provider's management interface, such as cPanel](http://serverfault.com/help/on-topic). – HopelessN00b Jan 14 '15 at 00:00

1 Answer

No. cPHulk only blocks sessions that require authentication (such as SSH, mail, and FTP) and not HTTP access. To block that you'd need to manually block them on the server-side.

Nathan C
  • Excellent @NathanC. That was the answer I was hoping for. I am the only person authorized and needing access to my server. So I want to prevent any possible attempt to gain access to services or resources on the server other than those that are necessary through the http and https service. – H. Ferrence Jan 28 '14 at 13:40