1. cPanel & WHM Documentation
  2. cPanel
  3. Security
  4. Leech Protection
leech files cpanelui bandwidth

Leech Protection

Valid for versions 82 through the latest version

Version:

82

Last modified: September 19, 2024

Looking for this interface?
Note:

Your hosting provider can enable or disable this interface in WHM's Feature Manager interface (WHM >> Home >> Packages >> Feature Manager).

Overview

The Leech Protection interface allows you to detect unusual levels of activity in password-restricted directories. After you set the maximum number of logins within a two-hour period, the system redirects or suspends users who exceed it. This is useful if, for example, someone posts a user’s login credentials on a public site.

Important:

Litespeed Web Server does not support leech protection.

To enable leech protection, we recommend that you use Apache®.

Enable leech protection

To enable leech protection for a directory, perform the following steps:

  1. Click Settings, and then select one of the following locations in which to begin navigation:
    • Web Root (public_html or www) — Begin navigation in the document root for the account’s primary domain.
    • Document Root for — Select the domain that corresponds to the document root in which you wish to begin navigation.
    • To configure the interface to always open your selection from Step 1, select the Always open this directory in the future checkbox.
  2. Click Save Changes.
  3. Navigate to the directory that you wish to protect.
    • Click the appropriate folder icon () to navigate to a different folder.
    • Click the desired folder’s name to select it. A new interface will appear.
  4. Enter the maximum number of logins that you wish to allow each user within a two-hour period.
  5. To redirect users who exceed the maximum number of logins within a two-hour period, enter a URL to which you wish to redirect them.
  6. To configure the system to send an email alert when Leech Protection activates, select the Send Email Alert To checkbox. Then, enter the email address to alert.
  7. To disable an account that exceeds the maximum number of logins, select the Disable Compromised Accounts checkbox.
  8. Click Enable.

Manage users

To add, edit, and delete users, perform the following steps:

  1. Navigate to a directory that you wish to protect with user-level protection.
    • Click the appropriate folder icon () to navigate to a different folder.
    • Click the desired folder’s name to select it. A new interface will appear.
  2. Click Manage Users to navigate to cPanel’s Directory Privacy interface for that folder (cPanel » Home » Security » Directory Privacy).
Note:
To manage users manually, edit the /home/USERNAME/.htpasswds/public_html/passwd file, where USERNAME represents the account name.

Disable leech protection

To disable leech protection, perform the following steps:

  1. Navigate to the directory for which you wish to disable leech protection.
    • Click the appropriate folder icon () to navigate to a different folder.
    • Click the desired folder’s name to select it.
  2. Click Disable.

Additional Documentation