Automated Tightening of Security Parameters upon Attack
It would be nice to have an automated function to tighten security parameters when an attack is detected. When these attacks are detected, the security parameters could rise to specified levels to help fend off the attack.

Such parameters might include: LF_SMTPAUTH, LF_INTERVAL, DENY_IP_LIMIT, DENY_TEMP_IP_LIMIT, and others. For example, the only reason that DENY_IP_LIMIT isn’t set to a huge number is because of the CPU/memory impact in processing a ton of IP addresses. Therefore, there is a fine line in setting these values between security and performance. An automated attack defense system could adjust these values such that they tighten incrementally based on the number of attacks during an attack and then lessen over time when the attack seems to have subsided. Additionally, by specifying a white list of countries where my users are located, the automated defense system could block all IPs from other countries during an attack, lessening over time after the attack.

Additionally, by keeping an automated white list of IP addresses that have completed proper logins, the system could have looser security parameters for them vs. IP addresses that have never had a proper login. I understand about cpHulk, but it isn’t sophisticated enough to accomplish such defense. Obviously, an attack would be defined as some number of failed logins for a given account and/or failed logins from various IP addresses. And any login using a USERID that doesn’t exist should also kick up the attack level quickly.
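The escalate-then-relax behaviour described in the request, as an added example that is not part of the original post and is not cPanel, cpHulk or CSF code. It simulates a single "attack level" that rises with every failed login, rises faster for logins against non-existent accounts, decays with a half-life once things go quiet, and drives a per-IP failure limit that tightens as the level climbs; IPs that have completed a successful login keep a looser limit than never-seen IPs. Every parameter name and number (base limit 10, floor 2, trusted bonus 20, 10-minute half-life) and every IP address and username is a constructed assumption for illustration, not a real CSF or cpHulk setting.

```python
"""Adaptive login-defense model (added example; assumptions throughout)."""
from dataclasses import dataclass, field


@dataclass
class AdaptiveDefense:
    known_users: set                       # accounts that actually exist (assumed input)
    base_ip_limit: int = 10                # failures allowed per IP at attack level 0
    min_ip_limit: int = 2                  # floor, however high the level climbs
    trusted_bonus: int = 20                # extra failures allowed for IPs with a prior good login
    level_per_failure: float = 1.0         # level gained per failure against a real account
    level_per_unknown_user: float = 5.0    # level gained per failure against a non-existent account
    half_life_seconds: float = 600.0       # level halves after 10 quiet minutes
    level: float = 0.0
    last_update: float = 0.0
    failures: dict = field(default_factory=dict)    # ip -> failure count
    trusted_ips: set = field(default_factory=set)   # ips that completed a proper login
    blocked: set = field(default_factory=set)

    def _decay(self, now: float) -> None:
        """Exponentially relax the attack level for the time elapsed since the last event."""
        elapsed = now - self.last_update
        if elapsed > 0:
            self.level *= 0.5 ** (elapsed / self.half_life_seconds)
        self.last_update = max(self.last_update, now)

    def ip_limit(self, ip: str) -> int:
        """Per-IP failure limit: one fewer allowed failure per 5 level points, never below the floor."""
        limit = max(self.min_ip_limit, self.base_ip_limit - int(self.level // 5))
        if ip in self.trusted_ips:
            limit += self.trusted_bonus
        return limit

    def current_limit(self, ip: str, now: float) -> int:
        """Limit that would apply to `ip` at time `now`, after decay."""
        self._decay(now)
        return self.ip_limit(ip)

    def record_success(self, ip: str, user: str, now: float) -> None:
        """A proper login marks the IP as trusted and clears its failure count."""
        self._decay(now)
        self.trusted_ips.add(ip)
        self.failures.pop(ip, None)

    def record_failure(self, ip: str, user: str, now: float) -> str:
        """Register a failed login; return 'blocked' or 'allowed' for this attempt."""
        self._decay(now)
        if ip in self.blocked:
            return "blocked"
        # Logins for a USERID that does not exist push the level up much faster.
        bump = self.level_per_unknown_user if user not in self.known_users else self.level_per_failure
        self.level += bump
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.ip_limit(ip):
            self.blocked.add(ip)
            return "blocked"
        return "allowed"


def simulate() -> dict:
    """Constructed scenario: one trusted user, one attacker guessing a non-existent account."""
    d = AdaptiveDefense(known_users={"alice", "bob"})
    d.record_success("203.0.113.5", "alice", now=0)          # alice's usual IP becomes trusted

    block_attempt = None
    for attempt in range(1, 21):                              # attacker tries "admin" once a second
        if d.record_failure("198.51.100.9", "admin", now=attempt) == "blocked":
            block_attempt = attempt
            break

    d.record_failure("203.0.113.5", "alice", now=7)           # alice mistypes her password
    d.record_failure("192.0.2.77", "bob", now=8)              # bob from a never-seen IP

    return {
        "attacker_blocked_on_attempt": block_attempt,
        "limit_new_ip_during_attack": d.current_limit("192.0.2.77", now=8),
        "limit_trusted_ip_during_attack": d.current_limit("203.0.113.5", now=8),
        "limit_new_ip_after_quiet_hour": d.current_limit("192.0.2.77", now=8 + 3600),
        "limit_new_ip_at_level_zero": AdaptiveDefense(known_users=set()).ip_limit("192.0.2.77"),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

Running the scenario shows the trade-off the post describes: the attacker guessing a non-existent account is blocked on the sixth attempt while the limit for a never-seen IP has already dropped from 10 to 4, the trusted IP still gets 24 failures, and an hour of quiet (six half-lives) relaxes the new-IP limit back to 10. The half-life decay and the "one fewer failure per 5 points" mapping are design choices for the example, not a recommendation of specific values.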
I have a few concerns with the items you've brought up.
(1) You seem to be citing a lot of configuration values for ConfigServer Firewall (A 3rd party WHM Plugin usually referred to as "CSF"). Are you wanting a core feature to depend upon a 3rd party non-cPanel developed plugin being present? If so, this is extremely unlikely. We would not want the core of cPanel to be reliant on non-cPanel developed or maintained software or features.
(2) The sheer complexity of some of the items you've advised raises significant concern as to "False Positives" (unintentionally blocking visitors instead of malicious users). Broad blocks like country blocks and other such items are generally not the best practices for the average cPanel & WHM server. This sounds like a highly customized system that would work well for you, but may result in mostly frustration in dealing with customers being falsely blocked for many other server owners.
With regard to #2, I'd like to hear significant feedback from customers. I think #2 is very subjective and wouldn't work well for a majority of server owners.