Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

5 failed login attempts to account

Discussion in 'Security' started by FeeReD, Feb 21, 2014.

  1. FeeReD

    FeeReD Well-Known Member

    Joined:
    Dec 1, 2005
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    156
    Okay, so for the past 2 days, my server has experienced multiple brute force attacks on a 3 specific email accounts. It's not a problem I suppose but it does get quite annoying. And in the rare event that they actually guess the correct password, I am screwed.

    What do you guys suggest I do? I wouldn't care so much if it was 4 or 5 a day, but this is getting to be once every 2 minutes consecutively. Last night, I was probably getting at least 100+ attempts within 10 minutes.

    Cheers
     
    #1 FeeReD, Feb 21, 2014
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,758
    Likes Received:
    1,886
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    You could enable cPHulkd to help prevent a successful brute force. However, you may also want to utilize a firewall management tool such as CSF to block the IP addresses. Also, make sure you are using as complex passwords for your email accounts as you can.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Feb 21, 2014
  3. FeeReD

    FeeReD Well-Known Member

    Joined:
    Dec 1, 2005
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    156
    Hey Michael,

    Thanks for the prompt response. I've set the field "Maximum Failures Per IP before IP is blocked for two week period:" to 5 but that only goes for 2 weeks. I'm assuming there isn't a away to extend that ban unless I block the IP's manually? Or use a third party firewall of course.
     
    #3 FeeReD, Feb 21, 2014
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,354
    Likes Received:
    404
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There's a lot of this going around right now. For example, attacks on admin @ somedomain.com email addresses.

    cPHulk can be helpful, A tightly secured server running CSF can be even more help.

    The good news is your server is blocking them. This sort of thing only goes on for a few days. I had it going on here a while back, looked closer at any of my accounts using admin@ emails and contacted them to ask if they used it, and if yes, make sure the pass is rock solid. If they don't, kill it.

    That won't stop the attacks of course, but at least you can feel better about trying to keep things locked down.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Feb 21, 2014
  5. FeeReD

    FeeReD Well-Known Member

    Joined:
    Dec 1, 2005
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    156
    Well, I am realizing now that they will never be able to log in. I use a remote exchange and they keep trying to connect to my cPanel server...

    Either way, password is strong and I guess I feel better knowing now that it's not just me.
     
    #5 FeeReD, Feb 21, 2014
  6. edigest

    edigest Active Member

    Joined:
    Nov 24, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    S. Pole
    cPanel Access Level:
    Root Administrator
    CSF/LFD (ConfigServer Security & Firewall) can be configured to block those attack after a configurable number of invalid login attempts. Fail2Ban is also a good option.

    A large number like that in a short time implies a bot. If that is the case, you may be able to block the attacks using mod_security. I also block any visitor to any of my servers that does not have a valid user agent. That alone has cut down a lot of mischief.

    Last, but not least, enforce strong passwords.
     
    #6 edigest, Feb 21, 2014
  7. greenflyms

    greenflyms Registered

    Joined:
    Sep 26, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I see between 50 - 150 failed login attempts daily. These are from every country on the planet and attempting usernames from A-Z and so far (knock on wood) no one has permeated the system. So no it is not just you. Thsi last Monday was an exceptionally prolific day of attempts.

    Either way, password is strong and I guess I feel better knowing now that it's not just me.[/QUOTE]
     
    #7 greenflyms, Jul 17, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - failed login attempts
  1. smilicus

    Failed Email Login Attempts Auto IP Block

    smilicus, Nov 23, 2016, in forum: General Discussion
    Replies:
    1
    Views:
    1,100
    Infopro
    Nov 23, 2016
  2. Oualid

    Excessive number of failed login

    Oualid, Apr 20, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    135
    cPanelLauren
    Apr 20, 2018
  3. EneaXH

    Excessive Number of Failed Logins

    EneaXH, Nov 1, 2017, in forum: Security
    Replies:
    2
    Views:
    509
    cPanelMichael
    Nov 1, 2017
  4. keat63

    Failed Dovecot Logins

    keat63, Jun 28, 2017, in forum: E-mail Discussion
    Replies:
    6
    Views:
    962
    CrazyforLinux
    Jun 30, 2017
  5. Guribajwa

    cPHulk Failed Login Emails

    Guribajwa, Nov 29, 2016, in forum: Security
    Replies:
    1
    Views:
    614
    cPanelMichael
    Nov 30, 2016

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice