This object is in archive! 

phpbrute easy abuse reporting

andre shared this idea 8 years ago
Needs Feedback

Add to phpbrute an easy method for reporting abuse to the whois abuse-mailbox, like spamcop.net.

Especially these days, with many attacks from botnets: if it is easy to report abuse, then abuse can be reported and systems updated, etc.

Best Answer

This feature request is incredibly vague. I honestly do not understand what the request is asking for.


I've searched for "phpbrute" and found only basic reference to a tool called "Php-Brute-Force-Attack Detector" on sourceforge. Are you asking for that tool to be implemented?


It is very unlikely that we would implement a PHP based system monitoring tool, given that cPanel & WHM is primarily written in Perl. We already have a tool aimed at preventing brute force attacks called cPHulk, and we would continue to leverage that tool.


http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/CPHulk


If you have features you'd like to see added into cPHulk, please do let me know. Otherwise, I will need substantially more information and clarification on what your feature request is before it can be further considered. I do not understand what you are asking for at this time.


You vaguely mention an automatic spam reporting tool like spamcop.net. I cannot imagine that many (any?) blocklists would accept automated spam reports. This would quickly degrade a blocklist and make it useless with many false positives. If you are aware of any such blocklists that accept automated reports, then that is something that at least can be put to a feature request here to gauge community interest.

Replies (3)


1

Sorry, yes : cPHulk


But, am adding:


New types of attacks: Attacks over 5 and 10 or more years...
so cPHulk -- Does offer protection, but maybe not for the long term...

A database is built of users, for example briano@cpanel.com, and how far in the dictionary crack the password guessing/cracking program/script is.

Some of these cracking scripts can be run for many many years and are mostly for users that rarely or never update / change passwords (like 95% of ALL lusers on the planet)

Sooo, eventually the success rate of these programs increases as the amount of time increases...

To DEFEND against brute force password attacks, CPANEL has adopted the same technology we all? use for ssh etc. on our non Cpanel servers, /cgi/bl.cgi and cgi/wl.cgi

Soo, this feature request is to FURTHER IMPROVE Cpanel DEFENCE against such attacks by adding the whois reporting information to the options that send an e-mail to the server admin, for example:

8 failed login attempts to account test1 (system) -- Large number of attempts from this IP: 188.162.230.21

Reverse DNS: client.yota.ru
Origin Country: Russian Federation (RU)

Please use the following links to add to the black list:
Single IP: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.230.21
/24: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.230.0/24
/16: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.0.0/16

Please use the following links to add to the white list:
Single IP: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.230.21
/24: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.230.0/24
/16: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.0.0/16


*****************

To ADD Also THIS:

*****************

person: Alexey A. Guzeev

address: Rusakovskaya, 13, 107140 Moskow RUSSIAN FEDERATION

phone: +79218550621


From the Registry - input ip number and:

email: aguzeev@yotateam.com


So:

https://cpanel.com:2087/cgi/report.cgi?ip=188.162.0.0/16


Sends an ABUSE/HACKING attempt report to the IP Responsible person and when used adds to DB, if say 10 reports and no action option to add to permanent black hole...
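
A sketch of the workflow proposed in the reply above (find the abuse contact for the source network, compose a report, and count unanswered reports toward a permanent block), as an added example that is not part of the original post and not cPanel or cPHulk code. The WHOIS text, the field priority, the function and class names and the default threshold are assumptions; the sample uses a documentation IP range.

```python
import ipaddress
import re
from collections import Counter
from email.message import EmailMessage

# Constructed RIPE-style WHOIS reply for a documentation range; not real data.
SAMPLE_WHOIS = """\
inetnum:        203.0.113.0 - 203.0.113.255
% Abuse contact for '203.0.113.0 - 203.0.113.255' is 'abuse@example.net'
e-mail:         admin@example.net
abuse-mailbox:  Abuse@Example.net
"""

# Assumed priority: dedicated abuse fields first, generic contact e-mail last.
FIELD_PRIORITY = ("abuse-mailbox", "orgabuseemail", "e-mail", "email")
ADDR = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # WHOIS data is untrusted input

def abuse_contact(whois_text):
    """Return the best abuse address found in a WHOIS reply, or None."""
    found = {}
    for line in whois_text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue  # registry comments and blank lines
        key, value = (part.strip() for part in line.split(":", 1))
        if ADDR.match(value):
            found.setdefault(key.lower(), value.lower())
    return next((found[f] for f in FIELD_PRIORITY if f in found), None)

class ReportLedger:
    """Counts unanswered reports per network (hypothetical helper)."""
    def __init__(self, threshold=10):
        self.threshold = threshold
        self.unanswered = Counter()

    def record(self, ip, prefix=24):
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        self.unanswered[net] += 1
        return net, ("blackhole" if self.unanswered[net] >= self.threshold else "report")

    def resolved(self, net):
        self.unanswered.pop(net, None)  # the network owner acted; start over

def build_report(ip, account, attempts, contact):
    # Compose (not send) the report message for the abuse contact.
    msg = EmailMessage()
    msg["To"] = contact
    msg["Subject"] = f"Abuse report: failed logins from {ip}"
    msg.set_content(f"{attempts} failed login attempts to account {account} from {ip}.")
    return msg
```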

2

Maybe also a CENTRAL Cpanel Black hole Database? -- We all know that at least 1% of the ipv4 space and much of the ipv6 space is the wild west... if at least the 1% ipv4 space is already blocked (until a responsible person undertakes to cease/clean up) then many/much of the abuse will stop filling up logs?
