Overview
Our network includes a number of security measures to ensure a clean, trouble-free environment for your hosting services. One of these features is an automatic mechanism that is intended to stop brute-force login attacks. This system monitors login attempts from FTP, SSH, and SMTP services. These automatic systems are intelligent enough to know not to block an IP address if you fail authenticating once or twice.
This is designed to combat automated attacks that keep trying to authenticate multiple times over a very short period of time. In other words, this component of our system is designed to identify the typical behavior of automated brute-force attacks and stop those requests from reaching our network. If these requests go un-checked, this results in wasted resources and affects the overall performance of your hosting services.
What is a brute force attack?
Put simply, a brute force attack is when a malicious user runs a script that attempts to automatically log into a secure area by quickly running through a list of possible passwords. It's common for this type of attack to send multiple invalid login requests to our servers because the script is simply guessing a users password. Because of this, it's quite easy to detect. Although it may seem like a silly thing for a malicious user to do, these types of attacks are more common than you may think.
What does DomainIndia do to protect my account from brute force attacks?
cPHulk is a security feature used on cPanel Hosting to protect against brute force attacks. It locks down access to the following services if it detects too many failed login attempts coming from a single IP address.
- cPanel
- WHM
- SSH
- FTP
- IMAP
- POP3
- SMTP
The blacklisting of an IP address in cPHulk doesn't prevent the viewing of web pages or delivery of mail. It only affects the authentication modules in cPanel and therefore only affects users who are attempting to log in from a particular IP address that has been blocked. Traffic, such as visitors to a website and emails sent to an account, are not affected. This security system protects you by blocking malicious users from continuing to attempt to log into your account by guessing your passwords.
What happens if I've gotten myself locked out of my own account?
It is possible that you may send too many invalid login attempts to a server yourself and get your own IP address blocked. You'll notice this has happened to you if:
- Every computer within your office suddenly is unable to connect to the email server.
- Your email software may ask you to enter your password over and over again even through you are 100% certain you are entering in the correct password.
If this happens to you, don't panic, our support team is just a phone call away. Unfortunately, we are unable to allow customers to unblock themselves as this would defeat the entire purpose of the security system. Our staff are able to search the cPHulk security logs and determine if your particular IP address has been blocked. They will also be able to tell you which particular email address triggered the lockout. If it is determined that your IP address has been blocked, a senior member of our technical support team is able to get your IP address unblocked. This will grant you access to your services again.
What steps can I take to prevent myself from getting locked out of my own account?
If you happen to get yourself locked out of your account due to triggering the cPHulk security system, our staff can organise to remove your IP address from the block list for you. However, it's important that you take steps to ensure your devices are not sending invalid login requests to the server, otherwise you may find yourself getting locked out of your account again. This can be a very frustrating experience, especially if it occurs multiple times in a row. Below are some steps you should take to prevent this from happening:
Before we unblock your IP address
- Review all desktops/laptops and double check the password settings on every account
- Review all mobile devices and double check the password settings on every account
- If you want to be 100% certain your passwords are correct, you should update youremail passwords within cPanel then update the passwords in your email applications so that they match
- Modify POP accounts so that mail check intervals are greater than 5 minutes
- Devices using IMAP require 'interval' mail checking* to be disabled
- Close down any email applications and mobile devices that use the email address that triggered the cPHulk lock out
After we unblock your IP address
- Turn the mail applications back on at each of your desktop/laptops
- Let these run for a few hours to ensure no further blocking is occurring
- Turn each mobile device back on, waiting 30 minutes between each activation
