The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Brute force attacks

Discussion in 'Security' started by jmaso, Oct 24, 2014.

  1. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    Problems with brute force attacks daily, using high memory
    I looked at my logs - This message is normal?


    Thanks

    usr/local/cpanel/logs/error_log

    Code:
    [2014-10-24 16:03:44 -0200] info [cphulkd] cPHulk Notification => xxxxxxxxxxx via EMAIL [level => 1]
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd-ssl line 6337
	cpanel::cpsrvd::docheckpass_whostmgrd(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__llM-CM-__CPANEL_HIDDEN__dfslkM-CM-__CPANEL_HIDDEN__dfs__CPANEL_HIDDEN__encrypted_pass__CPANEL_HIDDEN__', ...) called at cpsrvd-ssl line 5582
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438

94.102.xx.xxx - - [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
     
    #1 jmaso, Oct 24, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    Internal case number 107785 is open to address the "Duplicate logaccess" error in the cPanel error log during certain failed login attempts. However, this message itself should not result in higher loads or memory usage on your system. You may want to implement a third-party firewall management utility such as CSF to help block those types of brute force attempts.

    Thank you.
     
    #2 cPanelMichael, Oct 24, 2014
  3. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    Thanks for the tip...

    I made some adjustments in CSF and now seems to work well

    :eek:
     
    #3 jmaso, Oct 28, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Brute force attacks
  1. moodyeye12

    Protection against brute force attacks

    moodyeye12, Feb 23, 2017, in forum: Security
    Replies:
    1
    Views:
    163
    cPanelMichael
    Feb 24, 2017
  2. wgalafassijr

    howto prevent outgoing brute-force attacks

    wgalafassijr, Nov 23, 2016, in forum: Security
    Replies:
    2
    Views:
    399
    cPanelMichael
    Nov 23, 2016
  3. Gaffcain

    Brute force attacks question

    Gaffcain, Aug 25, 2016, in forum: Security
    Replies:
    1
    Views:
    337
    cPanelMichael
    Aug 25, 2016
  4. procopius560

    Blocking Brute Force Attacks - cleartext and weak ciphers

    procopius560, Jul 12, 2016, in forum: Security
    Replies:
    1
    Views:
    352
    cPanelMichael
    Jul 12, 2016
  5. hello-electro

    Huge increase of Dovecot Brute Force

    hello-electro, Apr 22, 2017, in forum: Security
    Replies:
    6
    Views:
    318
    cPanelMichael
    Jun 1, 2017

Share This Page