A Single EMAIL ID is repeatedly exposed to Brute Force

myilraj

Member
Jan 14, 2018
14
0
1
India
cPanel Access Level
Root Administrator
Dear Team,
Today I have faced a strange issue. Only one email account in the domain name is not logging in via Webmail, Mozilla Thunderbird, or any other mail client. After long research, found it was a Brute Force Attack. Accessed CPHulk and saw so many entries for that particular email address.
1. I have white-listed my IP but still, I am not able to log in.
2. Cleared all reports and tried. Successful in only one attempt and again I was thrown out.
Need your support in this.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,923
912
313
cPanel Access Level
Root Administrator
Hey there! I'm sorry to hear about that brute force issue. If the system detects an issue with a particular account, it can lock just that, so even if your IP was whitelisted the account itself could be off.

If you check the brute force logs, are all those attempted connections coming from one IP address? If so, I'd recommend blocking that IP address at the firewall level so it can no longer make any connection attempts to your server. If you do that, and then clear the brute force history, I would expect things to work well.