InterWorx Brute Force attack

As we all know that when WHM/cPanel. It comes with cphulk that has some defaults settings. cphulk protects WHM server from brute force attacks and if it founds a user IP that violates the rules that are set in configuration. It blocks them for certain time.

I am here to know about InterWorx. My exact questions are

  1. Is there any kind of feature like that here.
  2. If there is what is it’s name and where can we find more about it.
  3. Is it customizable with GUI or CLI and if it is CLI please mention the link to docs.

Thanks in advance.
Regards, Muneeb Ahmed

Hello–

No there is not anything like that built into InterWorx.

You may want to look into Fail2Ban: Fail2ban

Thanks,
-Jenna

Thanks Jenna, My server use SSH Keys to login via SSH.
So, I guess that SSH hacking is not possible.

What is am interested to secure are these two links

  1. https://some_ip:2443/nodeworx
  2. https://some_ip:2443/nodeworx

So, If any malicious user try to login to nodeworx or siteworx account by guessing password again and again then he should be banned for X minutes.
Is fail2ban able to do that ?

Hi

If you check this post out from chirpy you will see csf and csx

Both work lovely and I believe from memory as it does not happen too often that it covers logins for site work and nodeworx

Many thanks

John

Hello–

I double checked with the devs, as I’m not super familiar with Fail2Ban, and it may be possible to set specific rules up to check the NodeWorx and SiteWorx login pages, but that is something you may need to test. You may also want to reach out to Fail2Ban for information or suggestions.

I also second John’s suggestion of CXS of CFS.

Thanks,
-Jenna

Lately I’ve been looking at CSF/CSX and I’m pretty much sold. For the interim the APF/BFD combo is too easy not to use for basic protection. I’ve always loved the APF GUI in Nodeworx. Too bad such simple and elegant tools just aren’t enough these days.

Keys make your login easier and safer but secured logins don’t stop bots from trying. If your server is being slammed and defenses kick-in, resources can add up especially with Fail2ban because it’s hungry for memory on a slow day.

Fail2ban is very effective at protecting some panels and web services but there’s no ready-made filter for Nodeworx I’m aware of. I think there’s a reCAPTCHA challenge when Nodeworx has enough bad login attempts.

Hi Sysnop

I hope your well

Yes you are correct and there should be a ReCaptcher after 4 or 5 failed login attempts to nodeworx or siteworx

We use CSF and CXS from chirpy and both work well. CSF is free (Kudos to Chirpy) but CXS cost $60 as a one time payment.

I tested CXS by uploading eicar test files which appeared but not usable and then deleted before been active to the server so it scans the files before allowing them and I think from memory that you can also disallow file extentions etc… but I am tired so coudl be wrong sorry

Many thanks and hope you have a lovely weekend

John

Our largest traditional hosting customers users CSF \ LFD. I used it when I was a Cpanel user too, I would disable cphulk so I didn’t have to manage both systems.

CSF \ LFD is free. Has pretty much every FW feature you likely will need and a huge number of Brute Force features including modsec integration (which can be a pain). A big plus for me is that it can use ipset which allows for huge blocklists and practical Country Code Geo-blocking.

We would look into defaulting to CSF, but APF is tied into our clustering system and elsewhere. Nothing that cannot be done manually in CSF, so it’s non-critical, and there are a lot of other priorities.