This object is in archive!
phpbrute easy abuse reporting
Needs Feedback
To phpbrute add easy method for reporting abuse to whois abuse-mailbox, like spamcop.net.
Specially these days many attacks from botnets, if easy to report abuse then abuse can be reported and systems updated, etc.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
This feature request is incredibly vague. I honestly do not understand what the request is asking for.
I've searched for "phpbrute" and found only basic reference to a tool called "Php-Brute-Force-Attack Detector" on sourceforge. Are you asking for that tool to be implemented?
It is very unlikely that we would implement a PHP based system monitoring tool, given that cPanel & WHM is primarily written in Perl. We already have a tool aimed at preventing brute force attacks called cPHulk, and we would continue to leverage that tool.
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/CPHulk
If you have features you'd like to see added into cPHulk, please do let me know. Otherwise, I will need substantially more information and clarification on what your feature request is before it can be further considered. I do not understand what you are asking for at this time.
You vaguely mention an automatic spam reporting tool like spamcop.net. I cannot imagine that many (any?) blocklists would accept automated spam reports. This would quickly degrade a blocklist and make it useless with many false positives. If you are aware of any such blocklists that accept automated reports, then that is something that at least can be put to a feature request here to gauge community interest.
This feature request is incredibly vague. I honestly do not understand what the request is asking for.
I've searched for "phpbrute" and found only basic reference to a tool called "Php-Brute-Force-Attack Detector" on sourceforge. Are you asking for that tool to be implemented?
It is very unlikely that we would implement a PHP based system monitoring tool, given that cPanel & WHM is primarily written in Perl. We already have a tool aimed at preventing brute force attacks called cPHulk, and we would continue to leverage that tool.
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/CPHulk
If you have features you'd like to see added into cPHulk, please do let me know. Otherwise, I will need substantially more information and clarification on what your feature request is before it can be further considered. I do not understand what you are asking for at this time.
You vaguely mention an automatic spam reporting tool like spamcop.net. I cannot imagine that many (any?) blocklists would accept automated spam reports. This would quickly degrade a blocklist and make it useless with many false positives. If you are aware of any such blocklists that accept automated reports, then that is something that at least can be put to a feature request here to gauge community interest.
This feature request is incredibly vague. I honestly do not understand what the request is asking for.
I've searched for "phpbrute" and found only basic reference to a tool called "Php-Brute-Force-Attack Detector" on sourceforge. Are you asking for that tool to be implemented?
It is very unlikely that we would implement a PHP based system monitoring tool, given that cPanel & WHM is primarily written in Perl. We already have a tool aimed at preventing brute force attacks called cPHulk, and we would continue to leverage that tool.
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/CPHulk
If you have features you'd like to see added into cPHulk, please do let me know. Otherwise, I will need substantially more information and clarification on what your feature request is before it can be further considered. I do not understand what you are asking for at this time.
You vaguely mention an automatic spam reporting tool like spamcop.net. I cannot imagine that many (any?) blocklists would accept automated spam reports. This would quickly degrade a blocklist and make it useless with many false positives. If you are aware of any such blocklists that accept automated reports, then that is something that at least can be put to a feature request here to gauge community interest.
This feature request is incredibly vague. I honestly do not understand what the request is asking for.
I've searched for "phpbrute" and found only basic reference to a tool called "Php-Brute-Force-Attack Detector" on sourceforge. Are you asking for that tool to be implemented?
It is very unlikely that we would implement a PHP based system monitoring tool, given that cPanel & WHM is primarily written in Perl. We already have a tool aimed at preventing brute force attacks called cPHulk, and we would continue to leverage that tool.
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/CPHulk
If you have features you'd like to see added into cPHulk, please do let me know. Otherwise, I will need substantially more information and clarification on what your feature request is before it can be further considered. I do not understand what you are asking for at this time.
You vaguely mention an automatic spam reporting tool like spamcop.net. I cannot imagine that many (any?) blocklists would accept automated spam reports. This would quickly degrade a blocklist and make it useless with many false positives. If you are aware of any such blocklists that accept automated reports, then that is something that at least can be put to a feature request here to gauge community interest.
Sorry, yes : cPHulk
But, am adding:
New types of attacks: Attacks over 5 and 10 or more years...
so cPHulk -- Does offer protection, but maybe not for the long term...
a database is built of users for example briano@cpanel.com and how far
in the dictionary crack the password guessing/cracking program/script
is.
Some of these cracking scripts can be run for many many years
and are mostly for users that rarely or never update / change passwords
(like 95% of ALL lusers on the planet)
Sooo, eventually the success rate of these programs increase as the amount of time increases...
To
DEFEND against brute force password attacks, CPANEL has adopted the
same technology we all? use for ssh etc. on our non Cpanel servers,
/cgi/bl.cgi and cgi/wl.cgi
Soo, this feauture request is to
FURTHER IMPROVE Cpanel DEFENCE against such attacks by adding the whois
reporting information to the options that send an e-mail to the server
admin for example:
8 failed login attempts to account test1 (system) -- Large number of attempts from this IP: 188.162.230.21
Reverse DNS: client.yota.ru
Origin Country: Russian Federation (RU)
Please use the following links to add to the black list:
Single IP: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.230.21
/24: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.230.0/24
/16: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.0.0/16
Please use the following links to add to the white list:
Single IP: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.230.21
/24: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.230.0/24
/16: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.0.0/16
*****************
To ADD Also THIS:
*****************
person: Alexey A. Guzeev
address: Rusakovskaya, 13, 107140 Moskow RUSSIAN FEDERATION
phone: +79218550621
From the Registry - input ip number and:
email: aguzeev@yotateam.com
So:
https://cpanel.com:2087/cgi/report.cgi?ip=188.162.0.0/16
Sends an ABUSE/HACKING attempt report to the IP Responsible person
and when used adds to DB, if say 10 reports and no action option
to add to permanent black hole...
Sorry, yes : cPHulk
But, am adding:
New types of attacks: Attacks over 5 and 10 or more years...
so cPHulk -- Does offer protection, but maybe not for the long term...
a database is built of users for example briano@cpanel.com and how far
in the dictionary crack the password guessing/cracking program/script
is.
Some of these cracking scripts can be run for many many years
and are mostly for users that rarely or never update / change passwords
(like 95% of ALL lusers on the planet)
Sooo, eventually the success rate of these programs increase as the amount of time increases...
To
DEFEND against brute force password attacks, CPANEL has adopted the
same technology we all? use for ssh etc. on our non Cpanel servers,
/cgi/bl.cgi and cgi/wl.cgi
Soo, this feauture request is to
FURTHER IMPROVE Cpanel DEFENCE against such attacks by adding the whois
reporting information to the options that send an e-mail to the server
admin for example:
8 failed login attempts to account test1 (system) -- Large number of attempts from this IP: 188.162.230.21
Reverse DNS: client.yota.ru
Origin Country: Russian Federation (RU)
Please use the following links to add to the black list:
Single IP: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.230.21
/24: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.230.0/24
/16: https://cpanel.com:2087/cgi/bl.cgi?ip=188.162.0.0/16
Please use the following links to add to the white list:
Single IP: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.230.21
/24: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.230.0/24
/16: https://cpanel.com:2087/cgi/wl.cgi?ip=188.162.0.0/16
*****************
To ADD Also THIS:
*****************
person: Alexey A. Guzeev
address: Rusakovskaya, 13, 107140 Moskow RUSSIAN FEDERATION
phone: +79218550621
From the Registry - input ip number and:
email: aguzeev@yotateam.com
So:
https://cpanel.com:2087/cgi/report.cgi?ip=188.162.0.0/16
Sends an ABUSE/HACKING attempt report to the IP Responsible person
and when used adds to DB, if say 10 reports and no action option
to add to permanent black hole...
Maybe also a CENTRAL Cpanel Black hole Database? -- We all know that at least 1% of the ipv4 space and much of the ipv6 space is the wild west... if at least the 1% ipv4 space is already blocked (until a resposible person undertakes to cease/clean up) then many/much of the abuse will stop filling up logs?
Maybe also a CENTRAL Cpanel Black hole Database? -- We all know that at least 1% of the ipv4 space and much of the ipv6 space is the wild west... if at least the 1% ipv4 space is already blocked (until a resposible person undertakes to cease/clean up) then many/much of the abuse will stop filling up logs?
Replies have been locked on this page!