The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Brute force attacks

Discussion in 'Security' started by jmaso, Oct 24, 2014.

  1. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    Problems with brute force attacks daily, using high memory
    I looked at my logs - This message is normal?


    Thanks

    usr/local/cpanel/logs/error_log

    Code:
    [2014-10-24 16:03:44 -0200] info [cphulkd] cPHulk Notification => xxxxxxxxxxx via EMAIL [level => 1]
    [B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
    	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
    	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
    	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
    	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
    	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
    	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
    [B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
    	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
    	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
    	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
    	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
    	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
    	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
    [B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
    	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
    	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd-ssl line 6337
    	cpanel::cpsrvd::docheckpass_whostmgrd(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__llM-CM-__CPANEL_HIDDEN__dfslkM-CM-__CPANEL_HIDDEN__dfs__CPANEL_HIDDEN__encrypted_pass__CPANEL_HIDDEN__', ...) called at cpsrvd-ssl line 5582
    	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
    	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
    	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
    
    94.102.xx.xxx - - [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
    94.102.xx.xxx - admini [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
    94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
    94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
    94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
    94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
    94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
    94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
    94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
    94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
    94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
    94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
    94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
    94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Internal case number 107785 is open to address the "Duplicate logaccess" error in the cPanel error log during certain failed login attempts. However, this message itself should not result in higher loads or memory usage on your system. You may want to implement a third-party firewall management utility such as CSF to help block those types of brute force attempts.

    Thank you.
     
  3. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    Thanks for the tip...

    I made some adjustments in CSF and now seems to work well

    :eek:
     
Loading...

Share This Page