Free/Open-source WHM dashboard: Consolidates daily health checks + catches the /24 distributed brute

Nawareg Member

Hi everyone,

I manage several cPanel/WHM boxes and got tired of the daily morning routine of clicking through five different WHM screens just to check if the server is healthy. I also discovered a huge blind spot: my servers were getting hammered by SMTP auth failures, but cPHulk wasn't blocking them.

The Problem: Attackers are getting smarter. Instead of brute-forcing from one IP, they use a /24 subnet. Each IP makes just 5-6 attempts, staying perfectly under cPHulk's per-IP threshold. Individually, they are invisible. Collectively, it's a massive attack.

I built a lightweight, open-source WHM plugin to scratch this itch. It aggregates Exim auth failures by /24 subnet. On my main server, it immediately caught a subnet making 137+ attempts that cPHulk completely ignored.

What else it does (Single pane of glass):

Mail: Parses Outlook/Microsoft deferrals & failures cleanly, shows queue & null-sender bounces.

Deliverability: SPF/DKIM/DMARC status per domain.

Backups: Confirms if backups actually ran and if remote destinations exist.

WP Toolkit & AutoSSL: Highlights broken sites, pending updates, and failed certs.

(Insert the Imgur link of the Main Dashboard screenshot here)

The Tech Specs (Why it belongs on LET):

Zero bloat: It’s roughly 2k lines of standard-library Python + a simple PHP UI.

Zero telemetry: No phone-home, no cloud API, no accounts. It generates a local JSON.

Read-only: It DOES NOT block IPs. It only monitors and surfaces data for you to act on via CSF/cPHulk.

MIT Licensed: 100% free, forever.

GitHub Repo & 5-min Install: https://github.com/Nawareg/zahosts-health

I’d love for some of the veterans here to review the code, test it out, and tell me what I broke. PRs and brutal feedback are highly encouraged!
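
The per-/24 aggregation described in this post, sketched as an added example (not code from the zahosts-health repository). The regex follows Exim's usual `authenticator failed for` mainlog message; the two thresholds, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Exim mainlog shape: "... authenticator failed for H=(mail) [203.0.113.7]:50000: 535 ..."
AUTH_FAIL = re.compile(r"authenticator failed for .*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

PER_IP_LIMIT = 10   # assumed per-IP lockout threshold (not a documented cPHulk default)
SUBNET_LIMIT = 50   # assumed alert threshold for one /24


def failures_by_subnet(lines):
    """Return {/24 network: {ip: failure_count}} for IPv4 auth failures."""
    subnets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # mangled address such as 999.1.1.1
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        subnets[net][ip] += 1
    return subnets


def distributed_subnets(lines, per_ip=PER_IP_LIMIT, subnet=SUBNET_LIMIT):
    """Flag /24s where IPs that each stay under `per_ip` add up to `subnet` or more."""
    hits = []
    for net, ips in failures_by_subnet(lines).items():
        quiet = [count for count in ips.values() if count < per_ip]
        if sum(quiet) >= subnet:
            hits.append((str(net), sum(quiet), len(quiet)))
    return sorted(hits, key=lambda h: -h[1])


def sample_log():
    """Constructed log: 25 IPs x 6 failures in one /24, plus one loud single IP."""
    line = ("2024-05-01 03:12:{s:02d} dovecot_login authenticator failed for "
            "H=(mail) [{ip}]:50000: 535 Incorrect authentication data (set_id=info@example.test)")
    log = [line.format(s=n, ip=f"203.0.113.{host}") for host in range(1, 26) for n in range(6)]
    log += [line.format(s=n, ip="198.51.100.9") for n in range(60)]  # per-IP rule's job
    log.append("2024-05-01 03:13:00 1abcDE-000001-XX <= u@example.test H=localhost [127.0.0.1]")
    return log


if __name__ == "__main__":
    print(distributed_subnets(sample_log()))
```

Only failures from addresses below the per-IP limit count toward the subnet total, so a single loud IP that a per-IP rule already handles does not flag its whole /24.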

Comments

  • edited 9:53PM

    @Nawareg said:
    Attackers are getting smarter. Instead of brute-forcing from one IP, they use a /24 subnet. Each IP makes just 5-6 attempts, staying perfectly under cPHulk's per-IP threshold.

    I fear I have some shocking news: Attackers have now even started to use botnets. It's crazy how fast things evolve.

  • Nawareg Member

    @totally_not_banned said:

    @Nawareg said:
    Attackers are getting smarter. Instead of brute-forcing from one IP, they use a /24 subnet. Each IP makes just 5-6 attempts, staying perfectly under cPHulk's per-IP threshold.

    I fear I have some shocking news: Attackers have now even started to use botnets. It's crazy how fast things evolve.

    Haha, fair play, the sarcasm is fully deserved! 😂

    I know distributed attacks and botnets are as old as the internet itself. But the funny part here is the absolute laziness of the attacker. A real botnet scatters IPs globally across ASNs. What I was seeing wasn't a sophisticated botnet, it was just some guy renting a single, cheap /24 block from a budget host and rotating IPs sequentially just because he knows default cPHulk rules are too dumb to catch it.

    So yeah, definitely not a new evolution in hacking—just a cheap attacker exploiting a known cPanel blind spot. The plugin is just there to visualize this specific brand of laziness so I can null-route the whole subnet and get back to my coffee.

    Thanked by 1 totally_not_banned