Brute Force Detection (BFD) in cPanel

Mar 8, 2010 by Olya   Hosting

We’ve all been faced with the problem of weak passwords. As much as you inform users about password security, they want to use something they can easily remember. So, we end up with passwords like ‘ilovesue’ and ‘spunky’. Even with the new password strength meters in cPanel, it is important to go that extra step to make sure that your users are protected, well, from themselves.

Net Solutions uses cPHulk, which provides a brute force password protection system. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After a certain number of failed attempts, the attacker will no longer be able to authenticate.

BFD protection is necessary because there are literally thousands of attempts made every day to gain access to people’s accounts. Users will never notice, as cPHulk works in the background blocking access from IP addresses originating in China, Taiwan, Russia, etc.

So while BFD may be seen as an inconvenience if you get locked out, imagine the risks of allowing someone else to gain access to your account by password guessing. What would you have to lose?

Account Level Blocks

This will block access to a specific account for a period of time. If you find yourself blocked and continue to try and authenticate while you are blocked, the time will get extended.

IP Address Level Blocks

This will block your IP address. A block of this type will prevent you from having any access to the server, including access to cPanel itself.

Thresholds

Account Level

  • How long an account is locked out when it reaches the failure limit: 5 min
  • Maximum Failures by account: 15

IP Address

  • Number of minutes a remote IP is locked out when it reaches the failure limit: 15 min
  • Maximum Failures by remote IP Address: 5
  • Maximum Failures by remote IP before IP is blocked for two weeks: 30

I got blocked from my own server by BFD! Now what?

In most cases once you have been blocked by your server’s BFD system the easiest way to regain access is to simply create a Support Ticket with our support team. (No need to feel embarrassed. We fix issues like this all the time!)

The vast majority of cases that our support department handles involving customers who are blocked by their own servers are due to FTP clients that contain a saved password. If someone in your company, group, organization, or household changes the password to that FTP account and doesn’t notify you to update your saved password, it is quite easy to end up blocked by the server. Most FTP clients automatically reconnect several times if the initial attempt fails, and once your FTP client with the bad password attempts to log in several times and fails, the server’s BFD system will kick in and block your IP address.

Customers in an office environment that utilize a private network connected to the internet may find their entire office blocked by their server. This happens (usually in a small/home office situation) when multiple computers are sharing a single internet connection, meaning they also share the same public-facing IP address. Once a single computer on that local network gets blocked by the server, all of the other local computers will find themselves blocked as well.

While this can cause some initial panic there is no need for concern. Even if you are temporarily blocked by your own server that does not mean it is down. It may be ignoring your requests for a short while but it is still working away, handling the tasks from other visitors to your web site(s).
