Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Brute force reports after moving SSH port?

Discussion in 'Security' started by popularcontent, Jul 20, 2012.

  1. popularcontent

    popularcontent Registered

    Joined:
    Jul 20, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Recently moved our SSH port in an attempt to reduce the number of brute force attempts on our server. Since doing so, we've seen nothing logged in the Login/Brute History Report of WHM regarding failed login attempts.

    I'd like to believe this has alleviated the constant hammering of attacks, however it's now so quiet that I'm skeptical. After moving SSH, is WHM smart enough to keep track and log any further attacks in the "Login/Brute History Report" at the new port number?

    We're running WHM 11.32.3 on CENTOS 5.8 w/Parallels (it's a VPS).

    Thanks in advance! Anthony
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You might try checking for login attempts to /var/log/secure to see the results. If anyone is trying to login and is failing, you'll see the attempts there.

    Code:
    grep "authentication failure" /var/log/secure
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice