Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Brute force attacks

Discussion in 'Security' started by jmaso, Oct 24, 2014.

  1. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    Problems with brute force attacks daily, using high memory
    I looked at my logs - This message is normal?


    Thanks

    usr/local/cpanel/logs/error_log

    Code:
    [2014-10-24 16:03:44 -0200] info [cphulkd] cPHulk Notification => xxxxxxxxxxx via EMAIL [level => 1]
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
	cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
[B]Duplicate logaccess:  at cpsrvd-ssl line 3566[/B]
	cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
	cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd-ssl line 6337
	cpanel::cpsrvd::docheckpass_whostmgrd(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__llM-CM-__CPANEL_HIDDEN__dfslkM-CM-__CPANEL_HIDDEN__dfs__CPANEL_HIDDEN__encrypted_pass__CPANEL_HIDDEN__', ...) called at cpsrvd-ssl line 5582
	cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
	cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
	cpanel::cpsrvd::script() called at cpsrvd-ssl line 438

94.102.xx.xxx - - [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
     
    #1 jmaso, Oct 24, 2014
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,734
    Likes Received:
    1,992
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Internal case number 107785 is open to address the "Duplicate logaccess" error in the cPanel error log during certain failed login attempts. However, this message itself should not result in higher loads or memory usage on your system. You may want to implement a third-party firewall management utility such as CSF to help block those types of brute force attempts.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Oct 24, 2014
  3. jmaso

    jmaso Registered

    Joined:
    Oct 24, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    Thanks for the tip...

    I made some adjustments in CSF and now seems to work well

    :eek:
     
    #3 jmaso, Oct 28, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Brute force attacks
  1. moodyeye12

    Protection against brute force attacks

    moodyeye12, Feb 23, 2017, in forum: Security
    Replies:
    1
    Views:
    794
    cPanelMichael
    Feb 24, 2017
  2. Frankenstone

    Over 20.000 Bruteforce Login attempts in one night?

    Frankenstone, Jan 12, 2019 at 10:00 PM, in forum: Security
    Replies:
    6
    Views:
    185
    cPanelMichael
    Jan 14, 2019 at 11:32 AM
  3. joaosavioli

    Brute force wp-login.php modsecurity

    joaosavioli, Sep 4, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    610
    cPanelLauren
    Sep 5, 2018
  4. aboyz

    How to prevent host from bruteforce?

    aboyz, Jul 13, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    320
    cPanelLauren
    Jul 16, 2018
  5. bcadej

    How does Countries Management cPHulk Brute Force Protection work?

    bcadej, Jul 3, 2018, in forum: Security
    Replies:
    3
    Views:
    469
    Infopro
    Jul 3, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice