Security is the primary concern for every customer. Due to advancements in hacking methods and cyber technologies it is high time that we need to ensure the security of the servers and, in turn, the websites. With the advent of control panels, it has become easier to administer the server and strengthen the server’s security. For a cPanel user cPHulk undoubtedly provides a trustworthy protection layer.
cPHulk is a tool that comes along with cPanel/WHM control panel. It protects the server against bruteforce attacks and disables access to Pluggable Authentication Modules (PAM). It allows a system administrator to add new authentication methods simply by installing new PAM modules and modifies the authentication policies by editing configuration files. cPHulk works differently from traditional firewall mechanisms. The firewall mechanisms like CSF blocks a particular IP or a whole range of IP addresses from accessing a server. cPHulk only prevents the login to the server by adopting various techniques. So these IP addresses can still view the websites and emails can also be delivered. Even an entire country can be blocked from logging into the server, but at the same time, they can still access the websites.
Bruteforce attacks are always a headache for system administrators. cPHulk protects services like cPanel, WHM, SSH, FTP, IMAP, SMTP and POP from bruteforce authentication attacks. These core services will be locked out for whatever interval the user has set. cPHulk is unnoticeable to the attacker and authentication attempts can appear normal, even when disabled. When cPHulk blocks an IP address or account, it does not identify itself as the source of the block. Instead, the login page displays the following warning message: The Login is invalid. cPHulk stores all the information in a database called cphulkd. It has two tables mainly: logins and brutes. The logins table stores the login authentication failures whereas the brutes table stores excessive authentication failures that are indicative of an attempt to a bruteforce attack.
Here, it is also simple to configure the settings. In order to enable cPHulk, login to WHM as a root user, go to Security center and select cPhulk Brute Force Protection. Click on “Enable” to enable cPhulk. You can modify the settings from configuration settings tab. There you can choose in how many minutes cPHulk should deny login attempts from any certain IP address. You can even configure the settings in such a way that you can send yourself an email, anytime when a brute force attempt is detected. If a trusted IP is also blocked, you can whitelist the IP in White/ Blacklist management tab under “cPHulk Brute Force Protection”. The history of blocks will be seen in “Login/Brute History Report”. If you detect any suspicious attempts, you can block the IP in Blacklist i.e. the rejected list.
Surely this is not the only method to completely strengthen your server’s security. But it is recommended to have this feature enabled. With advanced security features, you can concentrate on development aspects instead of getting distracted by server related issues.