Valid for versions 82 through the latest version
History Reports
The History Reports tab displays information about failed attempts to log in to your server.
cPHulk stores failed login attempts in the cphulkd database.
- You may wish to access this database in order to identify IP addresses to add to the blacklist.
- You may wish to clear this database in order to conserve system resources. To clear the database, click Clear Data for All Reports. This action does not clear cPHulk’s whitelist or blacklist.
To view a report, select the report type from the Select a Report menu.
Failed Logins or Blocked Users
The Failed Logins and Blocked Users reports display the following information:
- User — The user who attempted to log in to your server.
- IP Address — The IP address from which the user attempted to log in to your server.
- Service - The service on your server to which the user attempted to log in. For example:
  - system — cPanel, SSH, or WHM.
  - mail — A POP3 or IMAP email client, or Webmail.
  - ftp — Normal FTP accounts.
  - The Password Authentication Module (PAM) identifies the lack of @domain in a username to determine whether a user is a cPanel user.
  - Any attempt to log in with a username without @domain displays in cPHulk (or the cphulkd daemon) as system, regardless of which service the user attempted to log in to.
- Authentication Service — The authentication service of the failed login attempt.
- Login Time — The time, in 24-hour format, when cPHulk blocked the IP address.
- Expiration Time — The time, in 24-hour format, when cPHulk will remove the block.
- Minutes Remaining — The number of minutes that remain in the lockout period.
The system may store these login attempts if, for example, a cPanel user enters the account’s password incorrectly.
Blocked IP Addresses or One-day Blocks
The Blocked IP Addresses and One-day Blocks reports display the following information:
- IP Address — The IP address from which the user attempted to log in to your server.
- Comments — Information about the IP address.
  Note: The system populates this data when it records an IP address. However, sometimes this column does not contain any information.
- Begin Time — The time, in 24-hour format, when cPHulk blocked the IP address.
- Expiration Time — The time, in 24-hour format, when cPHulk will remove the block.
- Minutes Remaining — The number of minutes that remain in the lockout period.
- Actions - Click Remove Block to manually remove the block for this IP address.
Example behavior
The following table contains variables for different hacking scenarios, and cPHulk’s response if you use the default settings:
Address | Account | Password | Attempts | Time Range | cPHulk’s response |
---|---|---|---|---|---|
192.168.0.1 | username | N/A | One. | N/A | No response. |
192.168.0.1 | username | The same password each time. | Five or more. | 365 minutes. | No response. |
192.168.0.1 | username | Different passwords each time. | Five to nine. | Five minutes. | Lock the username account for five minutes. |
192.168.0.1 | username | Different passwords each time. | Five or more. | 365 minutes. | No response. |
192.168.0.1 | username | Different passwords each time. | 10 to 29. | Five minutes. | Block 192.168.0.1 for 15 minutes. |
192.168.0.1 | username | Different passwords each time. | 30 or more. | Five minutes. | Block 192.168.0.1 for two weeks. |
Various | username | N/A | Five or more. | Five minutes. | Lock the username account for five minutes. |
Various | Various | N/A | Five or more. | Five minutes. | No response. |
192.168.0.1 | Various | N/A | Five to nine. | Five minutes. | No response. |
192.168.0.1 | Various | N/A | 10 to 29. | Five minutes. | Block 192.168.0.1 for 15 minutes. |
192.168.0.1 | Various | N/A | 30 or more. | Five minutes. | Block 192.168.0.1 for two weeks. |
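
The thresholds in the table above, written out as a small Python model that can be run against a list of failed logins. This is an added example, not cPanel's code and not cPHulk's actual algorithm: the function names, the `(minute, ip, user)` event format and the sliding-window counting are assumptions, and every event is treated as a failure with a different password.

```python
from collections import defaultdict

WINDOW = 5  # minutes: the "Five minutes" time range in the table

def peak(minutes):
    """Most attempts that fall inside any WINDOW-minute span."""
    minutes, best, start = sorted(minutes), 0, 0
    for end, t in enumerate(minutes):
        while t - minutes[start] > WINDOW:
            start += 1
        best = max(best, end - start + 1)
    return best

def busiest(groups):
    """(key, peak count) for the address or account with the most attempts."""
    return max(((k, peak(m)) for k, m in groups.items()), key=lambda p: p[1])

def response(events):
    """events: (minute, ip, user) tuples, one per failed login (assumed format).
    Returns the single strongest response, since the table lists one per row."""
    if not events:
        return "No response."
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for minute, ip, user in events:
        by_ip[ip].append(minute)
        by_user[user].append(minute)
    ip, hits = busiest(by_ip)          # address-based rows: 10 to 29, 30 or more
    if hits >= 30:
        return f"Block {ip} for two weeks."
    if hits >= 10:
        return f"Block {ip} for 15 minutes."
    user, hits = busiest(by_user)      # account-based rows: five or more
    if hits >= 5:
        return f"Lock the {user} account for five minutes."
    return "No response."

def burst(n, span, ips, users):
    """Constructed sample data: n failures spread evenly over `span` minutes."""
    return [(i * span / n, ips[i % len(ips)], users[i % len(users)])
            for i in range(n)]

if __name__ == "__main__":
    one_ip, one_user = ["192.168.0.1"], ["username"]
    many_ips = [f"198.51.100.{i}" for i in range(40)]   # constructed addresses
    many_users = [f"user{i}" for i in range(40)]        # constructed accounts
    print(response(burst(7, 4, one_ip, one_user)))      # account lock
    print(response(burst(12, 4, one_ip, many_users)))   # 15-minute block
    print(response(burst(6, 4, many_ips, many_users)))  # no response
```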
Last modified: May 13, 2020