Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Brute force attacks

Discussion in 'Security' started by jmaso, Oct 24, 2014.

  1. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    Problems with brute force attacks daily, using high memory
    I looked at my logs - This message is normal?


    Thanks

    usr/local/cpanel/logs/error_log

    Code:
    [2014-10-24 16:03:44 -0200] info [cphulkd] cPHulk Notification => xxxxxxxxxxx via EMAIL [level => 1]
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd-ssl line 6337
	cpanel::cpsrvd::docheckpass_whostmgrd(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__llM-CM-__CPANEL_HIDDEN__dfslkM-CM-__CPANEL_HIDDEN__dfs__CPANEL_HIDDEN__encrypted_pass__CPANEL_HIDDEN__', ...) called at cpsrvd-ssl line 5582
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438

94.102.xx.xxx - - [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
     
    #1 jmaso, Oct 24, 2014
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,703
    Likes Received:
    2,090
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Internal case number 107785 is open to address the "Duplicate logaccess" error in the cPanel error log during certain failed login attempts. However, this message itself should not result in higher loads or memory usage on your system. You may want to implement a third-party firewall management utility such as CSF to help block those types of brute force attempts.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Oct 24, 2014
  3. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    Thanks for the tip...

    I made some adjustments in CSF and now seems to work well

    :eek:
     
    #3 jmaso, Oct 28, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Brute force attacks
  1. aeroweb

    New Thread Stop brute force email logins?

    aeroweb, Apr 20, 2019 at 9:54 AM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    63
    ES - George
    Apr 20, 2019 at 12:41 PM
  2. ard.alberto

    Limit number of brute force emails?

    ard.alberto, Apr 10, 2019, in forum: Security
    Replies:
    8
    Views:
    368
    cPanelLauren
    Apr 12, 2019
  3. Frankenstone

    Over 20.000 Bruteforce Login attempts in one night?

    Frankenstone, Jan 12, 2019, in forum: Security
    Replies:
    6
    Views:
    322
    cPanelMichael
    Jan 14, 2019
  4. joaosavioli

    Brute force wp-login.php modsecurity

    joaosavioli, Sep 4, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    797
    cPanelLauren
    Sep 5, 2018
  5. aboyz

    How to prevent host from bruteforce?

    aboyz, Jul 13, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    379
    cPanelLauren
    Jul 16, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice