  1. #1
    Member
    Join Date
    Mar 2008
    Location
    Indiana
    Posts
    58

    Rise in attempted hacking attempts?

    I am just wondering if other cPanel admins have noticed a major spike in hacking attempts to their systems? In the past two days I have been swamped with blocking international IP addresses from the network, including a government-based IP address.

    I will gladly share the IPs with anyone who's interested. It appears they are trying to brute force their way in via password. Appears to be via SSH, which is disabled for all IPs except one (mine).

    Do other cPanel admins or cPanel staff have any thoughts or ideas to further lock down the servers?

    Thanks!

    AB

  2. #2
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,891
    cPanel/Enkompass Access Level

    Root Administrator


    I am just wondering if other cPanel admins have noticed a major spike in hacking attempts to their systems?
    Hacking attempts are a part of the landscape in my opinion. Out of date or poorly secured servers and website scripts are good targets and might get more activity at times of course. Do you have modsecurity installed? This part of your security can be a big help in closing some openings for a hacker to poke at.

    It appears they are trying to brute force their way in via password. Appears to be via SSH, which is disabled for all IPs except one (mine).
    Have you moved SSH to another port?

  3. #3
    Member
    Join Date
    Mar 2008
    Location
    Indiana
    Posts
    58


    Originally posted by Infopro:
    Hacking attempts are a part of the landscape in my opinion. Out of date or poorly secured servers and website scripts are good targets and might get more activity at times of course. Do you have modsecurity installed? This part of your security can be a big help in closing some openings for a hacker to poke at.

    Have you moved SSH to another port?
    I have not installed modsecurity due to some mixed reviews I have heard about the software. I've heard it's good, but at the same time I've heard it can be an admin nightmare if you get locked out.

    Moved my SSH to port 22, but I should probably move it yet again since activity is picking up again.

  4. #4
    Registered User
    Join Date
    Jan 2010
    Posts
    3


    Originally posted by pbhosting:
    I am just wondering if other cPanel admins have noticed a major spike in hacking attempts to their systems? In the past two days I have been swamped with blocking international IP addresses from the network, including a government-based IP address.

    I will gladly share the IPs with anyone who's interested. It appears they are trying to brute force their way in via password. Appears to be via SSH, which is disabled for all IPs except one (mine).

    Do other cPanel admins or cPanel staff have any thoughts or ideas to further lock down the servers?

    Thanks!

    AB
    Yes I know what you mean, even I was thinking it was quite strange in the number of attacks and login attempts being made all of a sudden. Most of mine seem to come from the Netherlands now.

  5. #5
    Member
    Join Date
    Mar 2008
    Location
    Indiana
    Posts
    58


    Originally posted by shads:
    Yes I know what you mean, even I was thinking it was quite strange in the number of attacks and login attempts being made all of a sudden. Most of mine seem to come from the Netherlands now.
    Yes, that is where a lot of mine are coming from as well, but I am getting a lot from China, India, and the Philippines. Had a government agency in the Philippines attempt as well.

  6. #6
    Registered User
    Join Date
    Jan 2010
    Posts
    3


    Not to mention the increase in port scanning.

  7. #7
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,891
    cPanel/Enkompass Access Level

    Root Administrator


    Originally posted by pbhosting:
    I have not installed modsecurity due to some mixed reviews I have heard about the software. I've heard it's good, but at the same time I've heard it can be an admin nightmare if you get locked out.

    Moved my SSH to port 22, but I should probably move it yet again since activity is picking up again.
    You might want to read a few more reviews.

  8. #8
    Member
    Join Date
    Mar 2008
    Location
    Indiana
    Posts
    58


    Originally posted by Infopro:
    You might want to read a few more reviews.
    Granted, it was very early 2009 when I last looked into the product, so maybe things have changed, I don't know. We will have to see.

  9. #9
    Member
    Join Date
    Jul 2005
    Location
    Sticky On Internet
    Posts
    555


    Originally posted by agentblack:
    I have not installed modsecurity due to some mixed reviews I have heard about the software. I've heard it's good, but at the same time I've heard it can be an admin nightmare if you get locked out.

    Moved my SSH to port 22, but I should probably move it yet again since activity is picking up again.
    Using port 22 is like giving an invitation to hacking problems.
    Change this to a non-standard port, and install CSF.

    If you are doing shared hosting, where users use a lot of open source like Joomla and WordPress, install Mod-security and use any free ruleset before it's too late.

    I don't think one could live without mod-sec in this wild hacker world.

  10. #10
    Member
    Join Date
    Mar 2008
    Location
    Indiana
    Posts
    58


    Originally posted by mohit:
    Using port 22 is like giving an invitation to hacking problems.
    Change this to a non-standard port, and install CSF.

    If you are doing shared hosting, where users use a lot of open source like Joomla and WordPress, install Mod-security and use any free ruleset before it's too late.

    I don't think one could live without mod-sec in this wild hacker world.
    OK, now I'm just not so sure of my abilities to install it properly LOL. I will look into them on Thursday. Thanks for the advice.

  11. #11
    Member
    Join Date
    Aug 2009
    Posts
    6


    I'm certainly getting my share of hacking attempts, come to find out.

    Is there a simple yum install for mod-sec? Where can I read about it? Also, how does one change ssh port?

    Thanks!

  12. #12
    Member
    Join Date
    Jul 2005
    Location
    Sticky On Internet
    Posts
    555


    You can change the SSH port by editing
    /etc/ssh/sshd_config
    Once you uncomment and change the port from 22, make sure you remember the new port, else you'll be locked out of the server.

    It would be better if you search and read through this forum before you try it out.
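
The port change described in the post above, as an added shell example that is not part of the original thread: it rewrites the `Port` line of an sshd_config-style file, keeps a backup, and leaves exactly one active `Port` directive. The function names `set_sshd_port` and `active_port`, the port 50022 and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: change the sshd port in a config file, keeping a backup.

set_sshd_port() {
    local conf="$1" port="$2"
    local pat='^[[:blank:]]*#?[[:blank:]]*Port[[:blank:]]+[0-9]+[[:blank:]]*$'

    # Accept only a 1-5 digit number inside the valid TCP port range.
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    cp -p "$conf" "$conf.bak" || return 1   # copy to roll back to

    if grep -Eq "$pat" "$conf.bak"; then
        # Replace the first Port line (commented or not); drop any other
        # active Port lines so sshd listens on one port only.
        awk -v p="$port" '
            /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " p; done = 1 }
                else if ($0 ~ /^[ \t]*#/) print
                next
            }
            { print }
        ' "$conf.bak" > "$conf"
    else
        # No Port line at all: add it at the top, ahead of any Match block.
        { echo "Port $port"; cat "$conf.bak"; } > "$conf"
    fi
}

# Print the first active (uncommented) Port value in the file.
active_port() {
    awk '/^[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { print $2; exit }' "$1"
}

# Demo on a constructed config in a temp dir (never touches /etc/ssh).
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo_dir/sshd_config"
set_sshd_port "$demo_dir/sshd_config" 50022
echo "sshd would listen on: $(active_port "$demo_dir/sshd_config")"
rm -rf "$demo_dir"
```

On a real server, check the edited file with `sshd -t` and allow the new port through the firewall before restarting sshd. Keep the current SSH session open until a second login on the new port succeeds, so a mistake does not lock you out.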

  13. #13
    Member
    Join Date
    Feb 2010
    Posts
    15


    Originally posted by agentblack:
    I have not installed modsecurity due to some mixed reviews I have heard about the software. I've heard it's good, but at the same time I've heard it can be an admin nightmare if you get locked out.

    Moved my SSH to port 22, but I should probably move it yet again since activity is picking up again.
    Port 22 is way too low. Always choose something really high. Above 50,000 will be good.

  14. #14
    Member stugster's Avatar
    Join Date
    Apr 2002
    Location
    Edinburgh, UK
    Posts
    78
    cPanel/Enkompass Access Level

    Root Administrator


    We use ConfigServer (ConfigServer Services) and we've noticed a massive spike in port scans in the past week or so.

  15. #15
    Member cpanelinfoseeker's Avatar
    Join Date
    Oct 2002
    Location
    NE Illinois
    Posts
    320


    Originally posted by stugster:
    We use ConfigServer (ConfigServer Services) and we've noticed a massive spike in port scans in the past week or so.
    You are not the only one! Mine have been way higher than normal on one server, the other one is still "normal".

    Ron
