cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Make cPHulk smart

Alberto Ferrer shared this idea 2 years ago
Open Discussion

As a sys-admin i would like auth_policy_check_before_auth for Dovecot, mod_ban for pure-ftpd and something related for Exim because you are currently passing several arguments and this can save us CPU, login process, time. Making cPanel faster and beneficial for everyone.

-------------------------------------------------------


As a cPanel user, sys admin i would like a feature to be added on cPanel/WHM, because is of benefit to everyone, users, cPanel itself and no one is using it.


One of the most common problems with cPHulk is that it does not know its users. I think you should add a system that works as a kind of geometric defense.


Where if a user is entering a service associated with cPanel and is not within the frequent income (use IP as frequent income for example) you will be denied access or a 2fa code will be requested or an email will be sent to authorize such entry.


This same would serve to prevent junk mail, dictionary attacks and more. Since they must confirm the access put is not what the system knows frequently or was registered for the first time.


Currently cPHulk only blocks by failed access or some other factor, this would improve its operation and would give a great added value to cPanel.


A practical example of my idea:


If the user has an initial origin in Mexico, but I have a visitor from China who tries to access my account, I can deny him access in advance. The same for the other services in cPanel, again: Email, FTP and associates.


Or you can also factor, if the user guesses the password but the initial origin is not frequent, deny access.


Another arrangement which would be good in cPHulk is: Deny first, allow later, based on countries.

[2018-12-20 06:40:15 -0600] info [cpaneld] 193.169.252.228 - - "GET / HTTP/1.1" FAILED LOGIN cpaneld: user name not provided or invalid user
[2018-12-20 06:40:15 -0600] info [cpaneld] 193.169.252.228 - - "POST / HTTP/1.1" FAILED LOGIN cpaneld: user name not provided or invalid user
[2018-12-20 07:40:11 -0600] info [cpaneld] 193.169.252.228 - - "GET / HTTP/1.1" FAILED LOGIN cpaneld: user name not provided or invalid user
[2018-12-20 07:40:12 -0600] info [cpaneld] 193.169.252.228 - - "POST / HTTP/1.1" FAILED LOGIN cpaneld: user name not provided or invalid user
As you can see in my logs, that already happened, no point on blocking just dictionary attacks anymore.

Leave a Comment
 
Attach a file