Brute force questions

Customer support forums for Atomic Protector (formerly Atomic Secured Linux).
copernic2006
Forum User
Posts: 86
Joined: Wed Oct 03, 2012 2:51 pm
Location: Algiers

Brute force questions

Post by copernic2006

Hello,
I would like the opinion of ASL users with cPanel (WHM) concerning brute force.
ASL includes protection mechanisms for various types of brute force. At the same time, cPanel comes with cPHulk Brute Force Protection.

Did you disable cPHulk Brute Force Protection? It needs userdns to be deactivated, while ASL recommends enabling userdns.

Your feedback will help me a lot.
Thank you in advance.
hostingg
Forum User
Posts: 63
Joined: Mon Mar 18, 2013 6:26 pm
Location: Earth

Re: Brute force questions

Post by hostingg

You don't have to disable cPHulk, but I've found I don't need it. cPHulk is a little less secure IMO because it won't block the attacker; it just prevents them from logging in. That's not enough for me; I prefer to block an attacker so they can't do other things to my customers' systems.
If everything was easy, then the world wouldn't need engineers.
iv@rh
Forum User
Posts: 29
Joined: Wed Jul 04, 2012 9:03 pm
Location: Melbourne

Re: Brute force questions

Post by iv@rh

hostingg wrote: You don't have to disable cPHulk, but I've found I don't need it. cPHulk is a little less secure IMO because it won't block the attacker; it just prevents them from logging in. That's not enough for me; I prefer to block an attacker so they can't do other things to my customers' systems.

Completely wrong! ASL does not block attackers of the cPanel, Webmail and WHM ports, and disabling cPHulk leaves them open to brute force attacks. I found that adding ASL to protect those ports causes an insane amount of problems, blocking legitimate traffic and causing customers to get request timeout errors. In other words, ASL is good at blocking whatever flows through Apache as a non-cPanel web application; I suspect it knows very little about cPanel-related traffic, such as what flows through ports 2086, 2087, 2082, 2083, 2095, 2096. It does protect them against brute force attacks, but A LOT of legitimate users are blocked, e.g. webmail browsing, sending emails, managing WHM, managing cPanel.

What might be useful is if cPHulk were used to call the ASL shun command with the offending IP address, as cPHulk's algorithm for blocking IP addresses is odd and it sometimes blocks legitimate users.