If you run a members-only area or any password-protected section, there’s a risk that one person shares their login publicly and suddenly hundreds of people are using a single account. cPanel’s Leech Protection catches this by watching for a login being used from too many places at once. Here’s how to set it up.

The problem it solves

“Leeching” is when a legitimate login gets passed around — posted on a forum, shared in a group — so that many people use one account they never paid for or were never authorised to have. It undermines paid memberships and can overload your site. Leech protection detects the tell-tale sign: a single username logging in from an unusual number of different locations in a short time.

How it works

Leech protection monitors password-protected directories. If it sees a single account exceed a threshold of logins within a two-hour window, it assumes the credentials have been leaked and takes action — suspending the account and alerting you. This stops a shared login from being useful to a crowd.

Setting it up

  1. In cPanel, open Leech Protection under the Security section.
  2. Browse to the protected directory you want to monitor and select it.
  3. Set the number of logins allowed within a two-hour period before the account is flagged.
  4. Optionally, provide a URL to redirect leeching users to, and an email address to notify when leeching is detected.
  5. Choose whether to suspend the compromised account automatically.
  6. Click Enable.

Choosing a sensible threshold

Set the limit high enough that a genuine user switching between their phone, laptop and office won’t trip it, but low enough to catch mass sharing. A limit somewhere in the range of a handful of logins per two hours suits most single-user accounts. Watch the notifications after enabling and adjust if legitimate users are being caught.

It requires a protected directory

Leech protection works on directories you’ve secured with Directory Privacy. If you haven’t set up password protection on the area yet, do that first — leech protection then monitors those logins for abuse.

Where it fits

This tool is most relevant if you sell access to content, run a private client portal, or maintain any area where each login is meant for one person. For a normal public website it isn’t needed. But where account sharing would cost you money or resources, it’s a smart, automatic safeguard.

Setting up a members’ area and want it protected properly? We can help you combine Directory Privacy, leech protection and other measures into a solid setup.

Was this article helpful to you?

admin

Leave a Reply

You must be logged in to post a comment.