Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Include Page
_Version
_Version

 

Section


Column
width50%

 << Step 4: Nameservers


Column
width50%

Step 6: Set Up Quotas >> 



Section


Column
width20%



Step 1:

Agreement





Step 5:

Services


 

 


Column

Services

This section allows you to configure the services that you and your clients use on the server.

Note titled

To use the default settings, click Skip This Step and Use Default Settings at the top of the interface.

FTP Configuration

To configure an FTP server, select the FTP server software that you wish to use. You can choose ProFTPD, Pure-FTPD, or Disabled.

Note titled

Review the information in the Advantages, Disadvantages, and Notes columns of the table for more information about each option.

Configure cPHulk Brute Force Protection

cPHulk provides protection from brute force attacks against your web services. To enable and configure cPHulk, perform the following steps:

  1. Select the Enable cPHulk checkbox.
  2. To allow the chkservd service to monitor and restart the cPHulkd service, select the Allow chkservd to monitor and restart cPHulkd checkbox.
  3. To add your local IP address to the whitelist, select the Add my IP address to the whitelist checkbox.
  4. To receive a notification whenever an IP address that is not on the whitelist performs a successful root login, select the Send a notification upon successful root login when the IP address is not on the whitelist checkbox.
  5. To receive a notification whenever an IP address that is not on the whitelist but comes from a known netblock performs a successful root login, select the Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock checkbox.
  6. To receive a notification whenever cPHulk detects a brute force attack, select the Send a notification when the system detects a brute force user checkbox.
  7. To block IP addresses at the firewall level whenever they meet the conditions for brute force protection, select the Block IP addresses at the firewall level if they trigger brute force protection checkbox.
  8. To block IP addresses at the firewall level whenever they meet the conditions for a one-day block, select the Block IP addresses at the firewall level if they trigger a one-day block checkbox.

    Note
    titleNote:

    The options to block IP addresses at the firewall level require iptables 1.4 or higher and a non-Virtuozzo environment.


  9. If you wish to configure additional cPHulk settings, select the Configure Advanced Settings checkbox.

    Expand
    titleClick here to view cPHulk's Advanced Settings...

    The following Advanced Settings will appear. Enter the desired value in the text box that corresponds to each option:

    • Brute Force Protection Period (in minutes)  — The number of minutes to lock an account. Enter a value between 1 and 1,440. This setting's value defaults to 5 .
    • Maximum Failures by Account — The maximum number of failed authentication attempts allowed per account. Enter a value between 0 and 999999. This setting's value defaults to 15.
    • IP Address-based Brute Force Protection Period (in minutes) — The number of minutes to block the IP addresses of potentially malicious users. Enter a value between 0 and 999999 . This setting's value defaults to 15.
    • Maximum Failures per IP Address — The maximum number of failed authentication attempts that an IP address allows. Enter a value between 0 and 999999 . This setting's value defaults to 5.
    • Command to Run When an IP Address Triggers Brute Force Protection — The full path to a command that the system runs when an IP address triggers brute force protection.
    • Maximum Failures per IP Address before the IP Address is Blocked for One Day — The number of failed authentication attempts before cPHulk blocks an IP address for a one day period. Enter a value between 0 and 999999 . This setting's value defaults to 30.
    • Command to Run When an IP Address Triggers a One-day Block — The full path to a command that the system runs when the system blocks an IP address for a one-day period.

      Note
      titleNote:

      For a full list of the variables that you can use in this command, read our cPHulk Brute Force Protection documentation. 


    • Duration for Retaining Failed Logins (in minutes) — The number of minutes that the system allows for an attacker to reach the Maximum Failures per IP Address setting. Enter a value between 0 and 999999. This setting's value defaults to 360.


Install a Common Set of Perl Modules

Select the Provide modules to /usr/bin/perl formerly provided by checkperlmodules checkboxto install a common set of Perl modules to the /usr/bin/ directory.

Note titled

Certain scripts and CGI applications may require a Perl installation in the /usr/bin/perl file. cPanel & WHM does not use this file. For more information, read our Guide to Perl in cPanel - Modules and Scripts documentation.

Save and continue

Click Save & Go to Step 6.

To return to Step 4, click Go Back.



Section


Column
width50%

 << Step 4: Nameservers


Column
width50%

Step 6: Set Up Quotas >> 


Additional documentation

Localtab Group


Localtab
activetrue
titleSuggested documentation

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("services","ftp","cphulk") and label in ("whm","cpanel") and space = currentSpace()


Localtab
titleFor cPanel users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("services","ftp","cphulk") and label = "cpanel" and space = currentSpace()


Localtab
titleFor WHM users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("services","ftp","cphulk") and label = "whm" and space = currentSpace()


Localtab
titleFor developers

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("services","ftp","cphulk") and space = "SDK"