The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

A lot of Brutes (Excessive Login Failures)

Discussion in 'Security' started by Ivanko#, Dec 10, 2014.

  1. Ivanko#

    Ivanko# Registered

    Joined:
    Sep 9, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hello all. This is my first post in cPanel forum. I am new WHM/cPanel user. I have VPS with CentOS. There i host only Wordpress sites. Security is beyond the scope of cPanel support but despite of that the saved me in one realy critical situation and help me several times. So i figure, I can post on formum, maybe someone will help.

    So, from first time I entered in WHM, in cPHulk, i saw a lot of Brutes (Excessive Login Failures). Each day i blacklist all that IP addresses manualy since i don't have money for CSF (ConfigServer Security & Firewall) which doest that automaticaly as i understud.

    I changed SSH port and when I done that, brutes stoped for few days. But they returned, and today there was like 40+ entries in cPHulk. Do you know what i should do? I don't want someone compromise server becouse these are not my website, there are few sites from serious companies which are depending on me.

    Like I said, I am using up-to-date Wordpress, with up-to-date licenced theme and plugins. I have renamed my wp-login.php page.

    All passwords for all ftp, cpanel, mail, wordpress are excelent 100% (generated). Any advice? Thank you very much!
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    CSF is available to you on the ConfigServer website, there is no fee for it.

    It's doing its job. You want that.
     
  3. Ivanko#

    Ivanko# Registered

    Joined:
    Sep 9, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I understand. Thanks!
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I'm also very new to this, a week old virgin.

    I created this list to add to the CPHULK blacklist.
    Since adding this list, I've not seen one single brute force attack listed.

    Take out the ones which correspond to you, so you don't blacklist yourself.

    Also install CSF, it's really easy to install.
    Once installed, find it at the bottom in plugins.
    Then apply one of the pre-configured profiles. ( i chose high security)

    Fine tune from there.

    - Removed -
     
    #4 keat63, Dec 10, 2014
    Last edited by a moderator: Dec 12, 2014
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Heck of a list you've got there. Where did you come up with that at? :rolleyes:
     
  6. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    belt and braces ;)

    or called making it up as you go along i guess, is there an easier way ?
     
    #6 keat63, Dec 11, 2014
    Last edited: Dec 11, 2014
Loading...

Share This Page