Security is a huge priority for the cPanel team. Not only do we make sure we are providing everything we can to keep our customers protected, but we also provide ways for our customers to keep their clients’ information safe as well. One of our most prized features for both web, email, and server security is cPHulk. This feature, which provides great protection against brute force attacks, has been a part of our security suite for years — and now it’s become even more powerful with the release of cPanel & WHM version 70.

What is a brute force attack?

Ever get frustrated when you get locked out of an account after several failed password attempts?

While frustrating, this is a security measure used to ensure that malicious software doesn’t successfully muscle its way into your private user or customer data. In a brute force attack, an attacker attempts to enter a user account by repeatedly entering arbitrary passwords. While this method of hacking isn’t particularly refined, it can and does work. That makes protecting yourself even more important.

How cPHulk works

cPHulk is included as part of all cPanel & WHM installations and can be used to monitor and block all login attempts made to cPanel, WHM, FTP, email, and SSH. It provides administrators with a variety of ways to combat brute force attacks both automatically and manually, and cPHulk can even be used to block malicious IP addresses in your firewall.

Blocks of malicious logins can be issued in different durations from a temporary ban to a one-day or even permanent ban.  The highly configurable cPHulk system allows for a great deal of control. You can specify the number of failed login attempts before an IP address is blocked, define additional actions to execute upon triggering of an automatic block, and even enable notifications to server administrators as specific events occur.

More Powerful in Version 70: Country Management

In previous versions of cPanel & WHM, server administrators could only manage their blacklists or whitelists by IP address. As of v70, hosts can block login attempts by country or provide easier access to selected regions of their choosing.

This update gives hosts greater versatility in how they protect user data. For example, if a server administrator who only does business in North America is alerted to suspicious traffic from Iceland, that host can now block all login attempts coming in from that country. Subsequently, a host can still whitelist individual IPs from that list of IPs or remove the country from the blacklist entirely.

“The way we built this update to cPHulk is exciting for multiple reasons,” says Jason Kiniry, one of our developers. “Not only is the update more powerful, but the changes we’ve made to the system’s task queue is encouraging us to think about new ways to provide better experiences that also put less of a load on our users’ machines.“

Take it for a test drive!

Head to your cPanel & WHM account and start exploring the updates we’ve made to cPHulk and come back to the cPanel blog to learn the new updates we’re pushing out.

Do you already use cPHulk? Let us know your thoughts about the update in the comments below.