The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Attack of the bots

Discussion in 'Security' started by jlteller, Aug 8, 2010.

  1. jlteller

    jlteller Registered

    Joined:
    May 25, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Forgive if this has been covered already, I couldn't find anything with my anemic search skills.

    I think I'm in the midst of a bot attack. Not a DDOS, if it is it's a bad one, but a series of attempts to SSH into my server. Every minute or two a host attempts to login. They're from countries all around the globe and start with "a" user names and progress through the alphabet all the way to "z." That's a bot attack right? It's happened twice before and just started again. I'm not terribly worried about getting hacked but it's still annoying. Is there a clever/standard practice way to end this or is the answer to just change the SSH port?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,475
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Changing your port for SSH is a standard practice and easy enough to do. Installing a firewall if you haven't yet can also help a great deal in protecting you. ConfigServer Security & Firewall
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    Chirpy's CSF/LFD firewall package will block those IPs automatically for you after they fail login for a predertimined threshold of tolerance you set. Also some other great features in CSF/LFD.

    ConfigServer Security & Firewall

    enjoy!!

    P.S. Chuck !! glad to see you only spending 100 hours a week in here now. you earned it !!
    :) I see you also mentioned CSF. LOL, lets make it 2 votes for that product.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,475
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    2 out of three Server Administrators Agree, that's a consensus that I'd be a part of any day. :p

    I'm way under 100 this week, thanks! :D
     
    #4 Infopro, Aug 15, 2010
    Last edited: Aug 15, 2010
  5. Breezehost

    Breezehost Member

    Joined:
    Aug 21, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    If you are able to see process of bot that is attacking on your server, you could trace what file it is accessing using lsof command. It will help you to trace files that are being accessed by bots and so accounts.
     
Loading...

Share This Page