How To Use The Leech Protection Feature in cPanel

When your website users publicly post their username and password, malicious visitors can use these credentials to access secure areas of your web site.

This practice is known as leeching.

The Leech Protection in cPanel provides an effective protection against leeching by limiting the number of times that a user can access a secure area of your web site within a two-hour period.

For example, you can limit users to four logins over a two-hour period.

If a user exceed the login limit, you can suspend or redirect him or her to another URL.

You can also send an alert e-mail, or even disable the account.




Enabling Leech Protection

To enable Leech Protection for a directory, perform the following steps:

  1. The Leech Protection window will appear. Select which of the four main directories you wish to view in the file window:

    • Home Directory (/home/user)
    • Web Root (/public_html/www)
    • Public FTP Root (/public_ftp)
    • Document Root (/public_html)
  2. Select the directory that you wish to protect.

    • Click the appropriate icon to navigate to a different folder.

    • Click the desired folder's name to select it.

  3. Enter the maximum number of logins that you wish to allow each user within a two-hour period.
  4. To redirect users who exceed the maximum number of logins within a two-hour period, enter a URL to which you wish to redirect them.
  5. To configure the system to send an email alert when Leech Protect activates, select the Send Email Alert To checkbox and enter the email address to alert.
  6. To disable an account that exceeds the maximum number of logins within a two-hour period, select the Disable Compromised Accounts checkbox.
  7. Click Enable.



Disabling Leech Protection

To disable leech protection, perform the following steps:

  1. The Leech Protection window will appear. Select which of the four main directories you wish to view in the file window:

    • Home Directory (/home/user)
    • Web Root (/public_html/www)
    • Public FTP Root (/public_ftp)
    • Document Root (/public_html)
  2. Select the directory that you wish to protect.

    • Click the appropriate icon to navigate to a different folder.

    • Click the desired folder's name to select it.

  3. Click Disable.



Managing Users

To add, edit, and delete users, click Manage Users to navigate to cPanel's Directory Privacy interface found at Home >> Security >> Directory Privacy.

Please note that to manage the users manually, edit the /home/USERNAME/.htpasswds/public_html/passwd file, where USERNAME represents the account name.

  • security
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How To Use SSH To Access Your cPanel Server

Use the SSH Access interface to securely connect to your server remotely through the command...

How To Use cPanel IP Blocker To Prevent Access To An IP Address

This security feature in cPanel can be used to prevent access to your site from a range of IP...

Preventing People From Stealing Your Bandwidth In cPanel

Hotlinking to a media file (video, audio, Flash, image, etc.) on another site bypasses any html...

Using cPanel Security Policy Feature

If you attempt to access your cPanel account from an unverified IP address, we require you to...

How To Enable or Disable ModSecurity on cPanel

ModSecurity is an intrusion detection and prevention engine for Apache. Known as the "Swiss Army...