This Knowledgebase article describes how to use the Leech Protection via cPanel to prevent users from publicly posting their username and password.
What is Leech protection?
When users publicly post their username and password, unauthorized visitors can use their credentials to access secure areas of a website. This practice is known as Leech protection.
cPanel offers protection against leeches, by limiting the number of times a user can access an area of a website within two hours. For example, you can limit four logins to a user over a period of two hours. If a user exceeds the limit for login, he will be redirected to another URL, and gets an alert by e-mail, or even the account id deactivated.
Leech protection activation for a directory
To enable leech protection for a directory, follow these steps:
- In the Security section of the main screen of cPanel, click leech protection.
- Click the name of the directory you want to protect.
- Type the number of entries allowed to a user within a period of two hours.
- Enter an address URL to redirect users to another website when the account is compromised.
- To receive an email notification when an account is compromised, select the Send email alert to the checkbox option, and then, type an email address.
- To disable accounts that are committed, select disable compromised accounts check box.
- Click Enable.
Disable leech protection for a directory
To disable leech protection for a directory, follow these steps:
- In the Security section of the main screen of cPanel, click leech protect
- Click on the name of the directory for which you want to disable the leech protection directories that have leech protection currently enabled that have a small picture of a leech next to them.
- To turn down protection, click Disable.
