cPanel Forums

kjg · #1 (**permalink**) 12-18-2008, 10:31 AM

Getting thousands of emails saying "Large Number of Failed Login Attempts from IP 64.185.237.173" since an hour back

The IP is added to brutes and blocked with expiration 2009-01-01, but after a while it starts all over again.

Also tried to stop the IP via host acces control (all deny) but it seems not to work either.

I don't understand this. A guess is that the db is flushed all the time making it possible for the attacker to continue.

We have the problem on the 3 servers that are upgraded to 11.24.4

cPanel 11.24.4-R32470 - WHM 11.24.2 - X 3.9
CENTOS 5.2

Any help would be very much appreciated.

**cPanelBrandonM** · #2 (**permalink**) 12-18-2008, 10:40 AM

Hello,
Would it be possible to get you to submit a support ticket so that we may take a look at this server? Thanks in advance.

hlooman · #3 (**permalink**) 12-18-2008, 06:43 PM

Hello, I have the exact same problem, 11K+ emails with login attempts in 2 days since the update.

Tried reconfiguring CPHulk to no avail.

Keep me informed on any progress on this.

Thanks, Hans.

Zazoos1 · #4 (**permalink**) 12-19-2008, 08:00 AM

Yes, I am experiencing this SAME problem since the upgrade. Thousands upon thousands of emails... opened support ticket yesterday but so far no reply.

**cpanelnick** · #5 (**permalink**) 12-19-2008, 10:21 AM

Quote:

Originally Posted by Zazoos1

Yes, I am experiencing this SAME problem since the upgrade. Thousands upon thousands of emails... opened support ticket yesterday but so far no reply.

Please post the ticket # so we can look into this.

Thanks

headout · #6 (**permalink**) 12-29-2008, 03:55 AM

We have the same problem, after the update.
cPanel 11.24.4-R32603 - WHM 11.24.2 - X 3.9
FREEBSD 6.2 i386 on standard

Users don't get blocked. The expiration time just gets renewed.

kjg · #7 (**permalink**) 01-03-2009, 03:15 PM

Update:
We posted a ticket to support and they solved it after a while.
According to them, there will be a fix in the next release.

Seems that the protection works ok, but the system keeps sending emails also after the ip is blocked.

jack01 · #8 (**permalink**) 01-05-2009, 02:30 PM

The bugzilla is here:

http://bugzilla.cpanel.net/show_bug.cgi?id=8457

everyone affected please vote if you can.

kjg · #9 (**permalink**) 01-06-2009, 11:05 AM

As I said in the post above, the cpanel tech people solved it and told me:

"The issue (multiple E-Mails for a brute force attack) has been patched and will be available in revision 32707+."

I got that answer dec 30 and some 14 hours later I got the following:
"The fix is being tested and should be out in all 11.24 Builds soon."

So I guess it is on its way

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode