Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 7 attack families with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications Hackathon Sponsorships
Research & Guides
Server Nerd Comic NEW Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Integrations/cPanel/WHM
Direct agent install WHM + cPanel 2 min setup

DDoS Detection for cPanel/WHM

Install ftagent directly on your cPanel server. Protect every hosted site with real-time DDoS detection, automated firewall rules, and instant alerts. One command to install, nothing to configure on cPanel itself.

Start free trial → GitHub

How It Works

cPanel/WHM Server
Your hosting node
ftagent (on same server)
Reads kernel counters
Flowtriq Dashboard
Detection + alerts + mitigation

Setup

Three steps to DDoS protection

1

Sign up for Flowtriq

Create a free account and get your deploy token from the dashboard. The 14-day trial includes all features with no credit card required.

2

Install ftagent on your server

SSH into your WHM server and run one command:

curl -sL https://get.flowtriq.com | sudo bash

The installer detects your OS, installs ftagent, and walks you through the deploy token.

3

See attacks in your dashboard

Within minutes, traffic data appears in Flowtriq. Baselines build automatically. Attacks are detected, classified, and trigger your configured alert channels and mitigation policies.

Capabilities

What you get with this integration

Sub-Second Detection

ftagent reads kernel-level network counters every second directly on your cPanel server. Attacks are detected in under 1 second, not minutes. No NetFlow latency because the agent runs on the same machine.

Attack Classification

Every detected attack is classified: SYN floods, UDP amplification, DNS reflection, NTP monlist, ICMP floods, GRE floods, fragmentation attacks, and more. Each with protocol-level confidence scores.

Automated Firewall Rules

ftagent deploys iptables or nftables rules on your cPanel server to drop attack traffic at the kernel level. Rules are surgical: they target specific attack signatures without affecting legitimate web traffic.

Multi-Channel Alerting

Get notified instantly via Discord, Slack, PagerDuty, OpsGenie, email, SMS, or webhooks. Alert messages include attack type, target IP, traffic volume, and recommended actions.

PCAP Capture

Because ftagent runs directly on the server, it can capture full packet data during attacks. Use PCAP evidence for forensic analysis, abuse reports, and upstream provider escalation.

CSF Compatible

ftagent manages its own iptables chain and never modifies CSF rules. Both run simultaneously without conflict. During attacks, ftagent adds temporary rules and removes them after the attack ends.

Why It Matters

Why shared hosting servers need DDoS detection

One attack affects everyone

A DDoS attack targeting one site on your shared hosting server affects every other site on that server. Without detection, you do not know which account is being targeted or what kind of attack it is. You just see "the server is slow" tickets.

Faster incident response

When an attack hits, Flowtriq tells you exactly what is happening: the target IP, attack type, traffic volume, and which protocols are involved. You go from guessing to acting in seconds instead of manually analyzing traffic.

Retain customers

Hosting customers leave after downtime. When you can detect and mitigate attacks in seconds and show customers exactly what happened, they stay. Visibility and fast response are competitive advantages.

Traffic visibility

Even without attacks, Flowtriq gives you real-time traffic analytics: bandwidth utilization, PPS, protocol breakdown, and top talkers. Useful for capacity planning and spotting anomalies early.

Protect your cPanel server today

Real-time DDoS detection and automated firewall rules starting at $9.99/node/month. Free 14-day trial with no credit card required.

Start your free trial → View on GitHub Talk to us →
Built by the team behind CVE-2024-45163 | Trusted by ISPs and hosting providers worldwide

FAQ

Frequently Asked Questions

Does ftagent affect cPanel server performance?

ftagent uses under 1% CPU and about 100 MB RAM on a typical shared hosting server. It reads kernel-level network counters, not individual packets, so it adds negligible overhead even on busy servers with hundreds of accounts.

Does this work on CloudLinux with cPanel?

Yes. ftagent runs as a systemd service and works identically on CloudLinux, AlmaLinux, Rocky Linux, and CentOS with cPanel. It does not interact with CageFS or LVE limits.

Can ftagent deploy firewall rules automatically?

Yes. When an attack is detected, ftagent can deploy iptables or nftables rules to drop malicious traffic at the kernel level. Rules target specific attack signatures (protocol, port, packet characteristics) to avoid affecting legitimate traffic.

Does Flowtriq detect attacks on individual cPanel accounts?

Flowtriq monitors the entire server and detects attacks by target IP. If your cPanel server uses dedicated IPs per account, Flowtriq identifies which account is being targeted. On shared IPs, it detects the attack on the shared IP and shows the port and protocol details.

How do I install ftagent on a WHM server?

Run a single command: curl -sL https://get.flowtriq.com | sudo bash. The installer detects your OS, installs dependencies, and configures the agent. You will need your Flowtriq deploy token from the dashboard. The whole process takes about 2 minutes.

Will ftagent conflict with CSF or ConfigServer firewall?

No. ftagent manages its own iptables chain and does not modify CSF rules. Both can run simultaneously. During an attack, ftagent adds rules in its own chain and removes them after the attack ends, leaving CSF rules untouched.