Brute force protection

What is a brute force attack?

Put simply, a brute force attack is when a malicious user runs a script that attempts to automatically log into a secure area by quickly running through a list of possible passwords. It's common for this type of attack to send multiple invalid login requests to our servers because the script is simply guessing a users password. Because of this, it's quite easy to detect. Although it may seem like a silly thing for a malicious user to do, these types of attacks are more common than you may think.

What does Webcentral do to protect my account from brute force attacks?

cPHulk is a security feature used on cPanel Hosting to protect against brute force attacks. It locks down access to the following services if it detects too many failed login attempts coming from a single IP address.

  • cPanel
  • WHM
  • SSH
  • FTP
  • IMAP
  • POP3
  • SMTP

The blacklisting of an IP address in cPHulk doesn't prevent the viewing of web pages or delivery of mail. It only affects the authentication modules in cPanel and therefore only affects users who are attempting to log in from a particular IP address that has been blocked. Traffic, such as visitors to a website and emails sent to an account, are not affected. This security system protects you by blocking malicious users from continuing to attempt to log into your account by guessing your passwords.

What happens if I've gotten myself locked out of my own account?

It is possible that you may send too many invalid login attempts to a server yourself and get your own IP address blocked. You'll notice this has happened to you if:

  • Every computer within your office suddenly is unable to connect to the email server.
  • Your email software may ask you to enter your password over and over again even through you are 100% certain you are entering in the correct password.

If this happens to you, don't panic, our support team is just a phone call away. Unfortunately, we are unable to allow customers to unblock themselves as this would defeat the entire purpose of the security system. Our staff are able to search the cPHulk security logs and determine if your particular IP address has been blocked. They will also be able to tell you which particular email address triggered the lockout. If it is determined that your IP address has been blocked, a senior member of our technical support team is able to get your IP address unblocked. This will grant you access to your services again.

What steps can I take to prevent myself from getting locked out of my own account?

If you happen to get yourself locked out of your account due to triggering the cPHulk security system, our staff can organise to remove your IP address from the block list for you. However, it's important that you take steps to ensure your devices are not sending invalid login requests to the server, otherwise you may find yourself getting locked out of your account again. This can be a very frustrating experience, especially if it occurs multiple times in a row. Below are some steps you should take to prevent this from happening:

Before we unblock your IP address

  1. Review all desktops/laptops and double check the password settings on every account
  2. Review all mobile devices and double check the password settings on every account
  3. If you want to be 100% certain your passwords are correct, you should update your email passwords within cPanel then update the passwords in your email applications so that they match
  4. Modify POP accounts so that mail check intervals are greater than 5 minutes
  5. Devices using IMAP require 'interval' mail checking* to be disabled
  6. Close down any email applications and mobile devices that use the email address that triggered the cPHulk lock out

* IMAP is a live connection to the server which authenticates once. Any changes on the server, such as the arrival of a new message is instantly reflected in your email client, interval based mail checking is then redundant.

After we unblock your IP address

  1. Turn the mail applications back on at each of your desktop/laptops
  2. Let these run for a few hours to ensure no further blocking is occurring
  3. Turn each mobile device back on, waiting 30 minutes between each activation

99% of the time this will have resolved your issue. If you encounter the problem again after following the above steps, there are a few additional things that you can try with the help of our support staff. Please contact us for further information.