How cPGuard uses reCaptcha to stop brute-force attacks

Mar 23, 2020

One of the main issues our customers report is abusive traffic to their website/CMS admin login pages. Most of the time they notice load spikes on their accounts because of it, and on checking the logs they find that most of these requests are generated by robots.

So we are happy to introduce cPGuard reCAPTCHA protection, which helps you find bad traffic on your website without any user conflicts. It gives you a score based on your interactions with your website and gives you more flexibility to take appropriate actions. It uses advanced risk analysis techniques to separate humans from bots, and it does this while letting your valid users pass through with ease. In simple words, reCAPTCHAs are designed to prevent automated bots, while reCAPTCHAs are themselves automated and are programmed to pop up at certain places on a website and automatically pass or fail users.

cPGuard reCAPTCHA protection regularly updates its system, so spammers also need to update their decoding methods regularly, which can frustrate abusers. 😄

Now let’s talk about how it works. If the algorithm cPGuard reCAPTCHA uses assumes you are a human being, it validates the reCAPTCHA without further action on your part. If not, it presents a set of images that you need to sort before continuing.

Consider this scenario: you open a website, in any browser, on which reCAPTCHA is enabled. This is the same thing, except that it doesn’t have a checkbox. You will see a field like the one in the GIF image below. If it thinks that you are not a human, an additional challenge may sometimes appear, as with traditional reCAPTCHA, but with invisible reCAPTCHA this happens when you submit the form (the submission is sent once the image test is validated) rather than when you tick the checkbox.

When it identifies that you are not a robot, it sends an HTTP request with a whole bunch of useful information, such as:

  • Your IP Address
  • Your country
  • Timestamp

All of these criteria are processed by machine-learning risk analysis, and often this information is enough to tell the difference between a human and a bot, but a small percentage of users have to complete an additional challenge if the risk analysis engine is still unsure.

That’s where cPGuard reCAPTCHA image recognition comes in. If you prove that you are human in this way, the engine is likely to remember you, and you can pass straight through the next time you click on that checkbox.

The main purpose of cPGuard reCAPTCHA protection is to prevent brute-force attacks. It is optional, and you can enable it on the WHM >> cPGuard >> Settings >> WAF page.

A brute-force attack is a process that involves repeated attempts to get into a website with various password combinations. Hackers try out different combinations of usernames and passwords until they log in. For their attacks, hackers use bots or automated tools. Brute-force attacks are most common against popular CMS platforms like WordPress, Joomla, etc.

Once you enable reCAPTCHA protection in cPGuard, it separates legitimate requests from bad ones at the HTTP (web server) level and redirects the bad traffic to the CAPTCHA page. This protection algorithm is built with ModSecurity and requires the cPGuard WAF to be enabled.

The protection works like this: if the system notices an unexpected number of POST requests from a certain IP address towards the CMS login page, those requests are forced to the CAPTCHA page to check whether they are legitimate. Once verification is completed, the IP address with the genuine request is allowed in the system, and next time it can deliver traffic without CAPTCHA verification. The other bad traffic from the IP address is considered a DoS attack, and the IP address is blocked in ConfigServer Security & Firewall (CSF).
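
The decision flow described above, written out as an added example (this is not cPGuard's code or its ModSecurity rules): it counts login-page POSTs per IP in a sliding window over access-log lines and returns allow, captcha or block for each IP. The thresholds, the 60-second window, the login paths and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: the article gives no thresholds, window or login paths.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")
WINDOW = timedelta(seconds=60)
CAPTCHA_AFTER = 5   # login POSTs per window before the CAPTCHA redirect
BLOCK_AFTER = 10    # unverified login POSTs per window before a firewall block
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def classify(lines, verified=frozenset()):
    """Map each IP that POSTed to a login page to 'allow', 'captcha' or 'block'."""
    recent = defaultdict(deque)  # ip -> timestamps of login POSTs inside WINDOW
    verdict = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in common/combined log format
        ip, ts, method, path = m.groups()
        if method != "POST" or path.split("?")[0] not in LOGIN_PATHS:
            continue  # only login-page POSTs count toward the threshold
        now = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(now)
        while now - q[0] > WINDOW:
            q.popleft()  # drop attempts that fell out of the window
        if ip in verified:
            verdict[ip] = "allow"  # solved the CAPTCHA earlier: no new challenge
        elif len(q) > BLOCK_AFTER:
            verdict[ip] = "block"  # kept hammering unverified: treat as DoS
        elif len(q) > CAPTCHA_AFTER and verdict.get(ip) != "block":
            verdict[ip] = "captcha"
        else:
            verdict.setdefault(ip, "allow")
    return verdict

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    fmt = '{} - - [23/Mar/2020:10:00:{:02d} +0000] "{} /wp-login.php HTTP/1.1" 200 512'
    hits = [("192.0.2.10", "POST", 12), ("198.51.100.7", "POST", 7),
            ("203.0.113.5", "POST", 2), ("203.0.113.9", "GET", 20)]
    return [fmt.format(ip, s, method) for ip, method, n in hits for s in range(n)]

if __name__ == "__main__":
    print(classify(sample_log()))
```

GET requests to the login page never enter the count, so a visitor who only loads the form is not challenged; a block verdict is sticky for the rest of the log.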

Also, we (cPGuard) have a central blacklisting system that analyzes all traffic to the websites, filters out the bad traffic and forwards genuine requests to the website after verification. The detected IPs that are used for bad traffic are added to our central database with a 30-day grace period, and if a request comes back from one of the detected IPs, it is redirected to verify the CAPTCHA before continuing to the website!