jmaso

Registered
Oct 24, 2014
2
0
1
cPanel Access Level
Root Administrator
Hi,

Problems with brute force attacks daily, using high memory
I looked at my logs - This message is normal?


Thanks

usr/local/cpanel/logs/error_log

Code:
[2014-10-24 16:03:44 -0200] info [cphulkd] cPHulk Notification => xxxxxxxxxxx via EMAIL [level => 1]
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd-ssl line 6337
	cpanel::cpsrvd::docheckpass_whostmgrd(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__llM-CM-__CPANEL_HIDDEN__dfslkM-CM-__CPANEL_HIDDEN__dfs__CPANEL_HIDDEN__encrypted_pass__CPANEL_HIDDEN__', ...) called at cpsrvd-ssl line 5582
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438

94.102.xx.xxx - - [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,216
463
Hello :)

Internal case number 107785 is open to address the "Duplicate logaccess" error in the cPanel error log during certain failed login attempts. However, this message itself should not result in higher loads or memory usage on your system. You may want to implement a third-party firewall management utility such as CSF to help block those types of brute force attempts.

Thank you.