Hi there, I am evaluating DA as a replacement for cPanel for my new server.
One of the "helps me sleep at night" tools cPanel has is cPhulk for brute force detection and auto blocking. The key features being:
1. Set a failed login threshold and block that IP when the threshold of failed logins is passed (admin login or ssh)
2. Completely block access to cPanel by country. Here i just set it to our home country and a couple of others we frequent. This doesn't block these countries from accessing sites on the server, just cPanel.
I did search and found this short and very old thread on the topic, linking to some old release notes which might be outdated now. I also see "Brute Force Monitor" in the demo. I see the "notified" and 'blocked" icons in the reports, but what I'm not understanding is what "notified" is (an email?) and whether blocking is automated or do you have to manually read the report and add them to the blocklist yourself?
I also don't see something as simple as the country blocking interface in cPhulk. Am I missing a feature like that? Is anyone doing that? If there is no feature like that i guess the workaround is blocking port 2222 to all but selected IP ranges? And
Thanks for any info or alternative process. I think this the last box to tick for me.
One of the "helps me sleep at night" tools cPanel has is cPhulk for brute force detection and auto blocking. The key features being:
1. Set a failed login threshold and block that IP when the threshold of failed logins is passed (admin login or ssh)
2. Completely block access to cPanel by country. Here i just set it to our home country and a couple of others we frequent. This doesn't block these countries from accessing sites on the server, just cPanel.
I did search and found this short and very old thread on the topic, linking to some old release notes which might be outdated now. I also see "Brute Force Monitor" in the demo. I see the "notified" and 'blocked" icons in the reports, but what I'm not understanding is what "notified" is (an email?) and whether blocking is automated or do you have to manually read the report and add them to the blocklist yourself?
I also don't see something as simple as the country blocking interface in cPhulk. Am I missing a feature like that? Is anyone doing that? If there is no feature like that i guess the workaround is blocking port 2222 to all but selected IP ranges? And
Thanks for any info or alternative process. I think this the last box to tick for me.