The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Brute force reports after moving SSH port?

Discussion in 'Security' started by popularcontent, Jul 20, 2012.

  1. popularcontent

    popularcontent Registered

    Joined:
    Jul 20, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Recently moved our SSH port in an attempt to reduce the number of brute force attempts on our server. Since doing so, we've seen nothing logged in the Login/Brute History Report of WHM regarding failed login attempts.

    I'd like to believe this has alleviated the constant hammering of attacks, however it's now so quiet that I'm skeptical. After moving SSH, is WHM smart enough to keep track and log any further attacks in the "Login/Brute History Report" at the new port number?

    We're running WHM 11.32.3 on CENTOS 5.8 w/Parallels (it's a VPS).

    Thanks in advance! Anthony
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You might try checking for login attempts to /var/log/secure to see the results. If anyone is trying to login and is failing, you'll see the attempts there.

    Code:
    grep "authentication failure" /var/log/secure
     
Loading...

Share This Page