Hi,

I was working on rate-limiting connections made to localhost on my cPanel server because recently I observed attack coming from localhost (127.0.0.1) which was trying to log in to cPanel thousands of times a minute.

Being it a localhost I can’t block 127.0.0.1 from logging in but is there any way I can slow down the login attempts?

Didn't get much help from chkservd and cPhulkd logs.

I also tried to work with PAM module "pam_faildelay" which may slow down multiple attempts but it seems that cPanel is not using PAM authentication. Also everything don't use PAM, there are lots of ways for a system user to authenticate - ftp, sftp, cpanel, webmail, maybe more!

Any suggestion will be appreciated.