Hawk and CSF compatibility
Is 1H Hawk compatible with CSF? What are the differences and similarities in both products?
1H Hawk is compatible with CSF and no problems have been reported by clients who use CSF and Hawk. It is good to mention that 1H Hawk functionality overlaps CSF in some cases. Hawk is a bruteforce detection and prevention system that blocks IP addresses from which attacks originate. CSF has the same features, but Hawk gives you the data for bruteforce attempts in a more human readable format and graphs.
What Hawk does is to check for failed login attempts and at a certain failure number reached, it blocks the IP address for a predefined period. After that period is over, the IP is unblocked. If a certain number of failed attempts is reached for a predefined time, eg 15 attempts for 3 min, that will make a bruteforce attempt and again the IP will be blocked by Hawk. All these settings are configurable - http://docs.1h.com/Hawk_Configuration#Configuration_trough_cPanel.2FWHM_plugin
CSF on the other hand, has its own algorithm and criteria for checking and blocking IPs which at the same time do not interfere with the functionality of Hawk. Basically what will happen if they are both running you have 2 separate systems with different algorithms that gives you a better chance to prevent bruteforce attempts, DDOS attacks or attempts to exploit an application running on the server. The odds of both software products to block the same IP at the same time are low, the reason being the different blocking logic they have. Still if that happens, there will be no problem for your server. Both of them will block the IP.