Ultra Web Hosting Docs

Leech Protection

Leech Protection watches a password-protected directory and steps in when one login is suddenly used from many places at once — a telltale sign that the password has been shared or leaked. It caps how often a single account can sign in and can alert you or lock the account down automatically.

What Leech Protection Does

Sometimes a valid username and password for a protected folder gets posted publicly or passed around. Once that happens, dozens of strangers can pour in using that one login. Leech Protection detects this by counting logins per user within a rolling two-hour window. If the count crosses your limit, it takes action so the compromised account can't keep being abused.

Note Leech Protection works hand in hand with Directory Privacy. You must first password-protect a folder and create an authorized user; Leech Protection then guards that same folder against a shared login.

Enabling Leech Protection

  1. Log into cPanel.
  2. Go to SecurityLeech Protection.
  3. Browse to and click the protected folder you want to guard.
  4. Configure the settings described below.
  5. Click Enable.

Configuring the Settings

Tip Turn on both the email alert and the option to disable compromised accounts. You get notified and the leak is stopped without waiting for you to react.

What Happens When the Limit Is Hit

Once a username exceeds the login limit inside the two-hour window, Leech Protection redirects further attempts to your chosen URL (if set), emails your alert address, and, if you enabled it, suspends the account. You can then change or remove that user in Directory Privacy and issue fresh credentials to the people who should have access.

Disabling Leech Protection

  1. Return to SecurityLeech Protection and select the folder.
  2. Click Disable.
Warning Leech Protection only monitors folders that already use Directory Privacy. If a folder isn't password-protected, there is no login for Leech Protection to watch. Set up Directory Privacy first.