Leech Protection
Leech Protection watches a password-protected directory and steps in when one login is suddenly used from many places at once — a telltale sign that the password has been shared or leaked. It caps how often a single account can sign in and can alert you or lock the account down automatically.
What Leech Protection Does
Sometimes a valid username and password for a protected folder gets posted publicly or passed around. Once that happens, dozens of strangers can pour in using that one login. Leech Protection detects this by counting logins per user within a rolling two-hour window. If the count crosses your limit, it takes action so the compromised account can't keep being abused.
Enabling Leech Protection
- Log into cPanel.
- Go to Security → Leech Protection.
- Browse to and click the protected folder you want to guard.
- Configure the settings described below.
- Click Enable.
Configuring the Settings
- Number of logins per username in a two-hour period — the maximum logins allowed before the account is treated as compromised. Pick a number that fits normal use; a handful is plenty for a single legitimate person.
- URL to redirect leech users to — an optional page to send offenders to once they exceed the limit.
- Send email alert to — an address that receives a notice when the limit is tripped, so you learn about it right away.
- Disable compromised accounts — optionally suspend the offending user automatically, cutting off further access until you review it.
What Happens When the Limit Is Hit
Once a username exceeds the login limit inside the two-hour window, Leech Protection redirects further attempts to your chosen URL (if set), emails your alert address, and, if you enabled it, suspends the account. You can then change or remove that user in Directory Privacy and issue fresh credentials to the people who should have access.
Disabling Leech Protection
- Return to Security → Leech Protection and select the folder.
- Click Disable.