Leech Protection in cPanel: Safeguard Your Site Against Unauthorised Access
This article assumes you are already logged in to cPanel. For details on how to log in to cPanel, follow this guide.
Introduction
Leech Protection is a security feature within cPanel designed to help protect your website from users who give out or publicly post their password for a restricted area of your site. This tool is used to prevent misuse of your credentials, which could lead to unauthorised access to your website. Leech Protection allows you to set a maximum number of logins that can occur within a two-hour period, beyond which the system will automatically disable the compromised account. By utilising this feature, you can safeguard sensitive information and maintain the integrity of your hosting environment on Smarthost.
Quick Start Guide
Enabling Leech Protection
To start using Leech Protection on your Smarthost cPanel:
- Navigate to Security Section: Log into your cPanel account and locate the “Security” section.
- Open Leech Protection: Click on the ‘Leech Protection’ icon to access the tool’s interface.
- Select Directory: Choose the directory you want to protect. If you’re unsure which directory needs protection, think about where sensitive information is stored, like a user portal or admin area.
- Configure Settings: Enter the maximum number of logins allowed within a two-hour period and specify what action should be taken if the login threshold is exceeded.
Configuring Notifications and Actions
Set up notifications so that you receive an email alert when the login threshold is exceeded. You can also configure the system to redirect users to a specified URL or automatically disable accounts that exceed the permitted number of logins.
In-depth Guide
Understanding Your Options
Login Threshold
Setting a login threshold is crucial for controlling access. For example, if you set the threshold to 10 logins every two hours, and this number is exceeded, it means there is likely an issue with account security.
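The following is an added example, not cPanel's own code or part of the original article: a Python audit that replays an Apache access log and reports which accounts would have exceeded a threshold in any two-hour window, useful for choosing a value or reviewing a disabled account. It assumes the combined log format, treats each distinct client IP per authenticated user as one login (an assumption, not a statement of how cPanel counts), and uses a constructed `/members/` directory, user names and log lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)  # the two-hour period the article describes
THRESHOLD = 10               # the article's example threshold

# Apache combined log format: host ident authuser [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def flag_shared_accounts(lines, prefix, threshold=THRESHOLD, window=WINDOW):
    """Return {user: peak distinct-IP count} for users above the threshold."""
    recent = defaultdict(deque)  # user -> (timestamp, ip) pairs inside the window
    peak = defaultdict(int)
    for line in lines:  # lines must be in time order per user
        m = LINE_RE.match(line)
        if not m or m["user"] == "-" or m["status"] == "401":
            continue  # unparsable, anonymous, or failed authentication
        if not m["path"].startswith(prefix):
            continue  # outside the protected directory
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["user"]]
        q.append((ts, m["ip"]))
        while ts - q[0][0] > window:
            q.popleft()
        peak[m["user"]] = max(peak[m["user"]], len({ip for _, ip in q}))
    return {user: n for user, n in peak.items() if n > threshold}

def sample_log():
    """Constructed sample data (documentation IP ranges, made-up users)."""
    row = ('{ip} - {user} [10/Mar/2024:{h:02d}:{m:02d}:00 +0000] '
           '"GET /members/index.html HTTP/1.1" {status} 512')
    # alice: 20 requests from one address
    lines = [row.format(ip="192.0.2.10", user="alice", h=9, m=i, status=200)
             for i in range(20)]
    # bob: 12 different addresses inside one hour
    lines += [row.format(ip=f"198.51.100.{i}", user="bob", h=9, m=i * 5, status=200)
              for i in range(12)]
    # carol: 12 different addresses, but only one every two hours
    lines += [row.format(ip=f"203.0.113.{i}", user="carol", h=i * 2, m=0, status=200)
              for i in range(12)]
    # dave: wrong passwords from 15 addresses (401), never authenticated
    lines += [row.format(ip=f"198.51.100.{100 + i}", user="dave", h=10, m=i, status=401)
              for i in range(15)]
    return lines
```

Running `flag_shared_accounts` over the real access log for the directory before enabling the feature shows whether a threshold of 10 would disable any legitimate account.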
Notification Email
Enter an email address where you want to receive alerts about potential security breaches. It’s advisable to use an email dedicated to security alerts for easier monitoring.
Redirect URL
Specifying a redirect URL can deter further attempts by directing the user to an alternative page, such as a warning message or more information about security policies on your site.
Disabling Compromised Accounts
Automatically disabling accounts that exceed login attempts is a strong preventive measure. It stops further misuse while you investigate the issue. For instance, if an account is found exceeding the set limit, it could be temporarily disabled, prompting an investigation into whether the credentials have been compromised.
Resetting User Passwords
Regularly resetting user passwords can also enhance security, especially after an incident. Encourage users to create strong, unique passwords each time.
Conclusion
Leech Protection is a robust security feature that helps maintain the security and integrity of your website hosted on Smarthost. By understanding and configuring Leech Protection appropriately, you can prevent unauthorised access and protect your online presence effectively.
For more detailed information, please refer to the official cPanel documentation on Leech Protection.
FAQs about Leech Protection
Leech Protection is a feature within cPanel that helps prevent users from sharing their passwords with a large number of people. It allows you to set a limit on the number of times a user can log in within a two-hour period and take action if this limit is exceeded.
Once you enable Leech Protection and configure settings for a specific directory, the system monitors login attempts to that directory. If the number of logins exceeds the set threshold within the specified time frame, the system can alert you, redirect the user, or disable the account based on your settings.
You should enable Leech Protection in directories that contain sensitive information or where user authentication is required. Common examples include directories for user profiles, admin areas, or forums.
If an account is disabled, first verify whether it was a legitimate user or a security threat. For a legitimate user, consider advising them on secure password practices before reactivating their account. If it was a security threat, investigate the incident further to strengthen security measures.
Currently, Leech Protection applies universally to all users accessing the protected directory. To exempt a user, consider structuring your directory permissions or user access levels in a way that does not require placing sensitive directories under Leech Protection for those specific users.
It’s advisable to review the settings periodically, especially after making changes to how your website or its security measures operate. Regular reviews ensure that the protections remain relevant and effective against current security threats.