We’ve all been faced with the problem of weak passwords. As much as you inform users about password security, they want to use something they can easily remember. So, we end up with passwords like ‘ilovejohn’ and ‘toyota90210’. Even with the new password strength meters in cPanel, it is important to go that extra step to make sure that your users are protected, well, from themselves.
cPanel 11 marks the release of cPHulk, a brute force password protection system. With cPHulk, you can set a threshold for authentication attempts on services like POP3, cPanel, WHM, FTP, etc. After a certain number of attempts, the attacker will no longer be able to authenticate.
It’s a simple concept, really: if the door is locked, they probably can’t get in. What makes cPHulk special is that you can configure lockout times, set thresholds by account or IP, and choose whether to add to the lockout time if further attempts are made after the account is locked. Also, the attacker can’t tell that the account is locked, so they’ll continue trying to authenticate and you’ll get some good log information about the attack.
cPHulk can be found in the Security Center in WHM for versions 11.0 and higher. There, you can also view recent brute force authentication attempts.
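The lockout behaviour described above, modelled as an added example; it is not cPHulk's code or configuration. The class names, thresholds and timings are assumptions chosen for illustration, and the plaintext password table stands in for a real credential store.

```python
import hmac
from dataclasses import dataclass
@dataclass
class Policy:                      # all values are assumed, for illustration
    account_threshold: int = 3     # failures before an account is locked
    ip_threshold: int = 5          # failures before a source IP is locked
    window: int = 300              # seconds over which failures are counted
    lockout: int = 900             # seconds a lock lasts
    extend_on_retry: bool = True   # attempts while locked add to the lockout

class Guard:
    def __init__(self, policy, passwords):
        self.policy, self.passwords = policy, passwords
        self.failures = {}         # ("account"|"ip", value) -> failure times
        self.locked_until = {}     # ("account"|"ip", value) -> unlock time
        self.log = []              # (time, account, ip, outcome) for the admin

    def attempt(self, account, ip, password, now):
        p = self.policy
        limits = {("account", account): p.account_threshold, ("ip", ip): p.ip_threshold}
        locked = [k for k in limits if self.locked_until.get(k, 0) > now]
        if locked:
            if p.extend_on_retry:  # further attempts push the unlock time out
                for k in locked:
                    self.locked_until[k] += p.lockout
            self.log.append((now, account, ip, "blocked"))
            return False           # same answer a wrong password would get
        if hmac.compare_digest(self.passwords.get(account, ""), password):
            self.failures.pop(("account", account), None)
            self.log.append((now, account, ip, "ok"))
            return True
        for k, limit in limits.items():
            recent = [t for t in self.failures.get(k, []) if now - t < p.window]
            recent.append(now)
            self.failures[k] = recent
            if len(recent) >= limit:   # threshold reached: start the lockout
                self.locked_until[k] = now + p.lockout
                self.failures[k] = []
        self.log.append((now, account, ip, "failed"))
        return False

def demo():
    g = Guard(Policy(), {"alice": "correct horse"})   # constructed sample data
    ip = "203.0.113.7"                                # documentation address
    for t in range(3):                                # three wrong guesses
        g.attempt("alice", ip, "ilovejohn", t)
    during = g.attempt("alice", ip, "correct horse", 10)    # locked: rejected
    after = g.attempt("alice", ip, "correct horse", 2000)   # lock has expired
    return during, after, g.locked_until[("account", "alice")], g.log
```

In `demo()`, the correct password is rejected while the account is locked, and that blocked attempt moves the unlock time from 902 to 1802 while being recorded in the log.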