Cphulk Account Protection Question

Discussion in 'E-mail Discussions' started by ljj3, Jun 18, 2015.

  1. ljj3

    ljj3 Member

    Hi... I run a VPS and I'm seeing a LOT of attacks against Dovecot SMTP - hundreds of them. Usually they come from "some random IP address" to a user@client.com, where client.com is a site hosted on our server. However, the client has their own email server - their mail never touches my machine. Usually CSF will kill each attempt after a couple of tries (to the nonexistent email account) - but they come right back with a new IP - hundreds of times a minute.

    Cphulk should help but I have a question. What "account" is it attempting to protect? The client.com account on my server? Or user@client.com - which does not exist on my server so I don't see how it would handle these connection attempts...

    Also, for this type of attack, is there something else other than CSF/CPhulk I should be doing, as they tend to slow the server down and have caused hangs....

    Thank you much,

    - Lou
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Brute force attempts are attempts for username/password combinations. It's possible for attempts on domain names that do not even exist, as it's all about what the attacker is using during the login attempt. cPHulk will lock out the IP address making the brute force attempt, or the email account itself, depending on how you have configured it. CSF should block the offending IP addresses, but you may want to consult with a system administrator if the attacks require additional custom firewall rules.

    Thank you.
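
A log-review sketch for the pattern described in this thread, added here as an example and not part of either post or of cPanel's tooling: it groups Dovecot login failures by the targeted domain instead of by source IP, so a spread of single-attempt IPs against one domain still stands out. The log lines are constructed in the style of Dovecot's login-failure messages, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of Dovecot login logging (not from the thread).
SAMPLE_LOG = """\
Jun 18 10:01:02 vps dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<user@client.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Jun 18 10:01:03 vps dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@client.com>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10
Jun 18 10:01:03 vps dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<admin@client.com>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.10
Jun 18 10:01:04 vps dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<sales@client.com>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10
Jun 18 10:01:05 vps dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<user@client.com>, method=PLAIN, rip=203.0.113.140, lip=192.0.2.10
Jun 18 10:01:06 vps dovecot: imap-login: Login: user=<lou@hosted.example>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.10
Jun 18 10:01:09 vps dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@hosted.example>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.10
"""

# Capture the attempted login name and the remote IP from failed-auth lines only.
FAIL_RE = re.compile(
    r"dovecot: \S+-login: .*auth failed.*?user=<([^>]*)>.*?rip=([0-9A-Fa-f.:]+)"
)

def failures_by_domain(log_text):
    """Map each targeted domain to a Counter of {source IP: failed attempts}."""
    by_domain = defaultdict(Counter)
    for line in log_text.splitlines():
        match = FAIL_RE.search(line)
        if not match:
            continue  # successful logins and unrelated lines are skipped
        user, ip = match.group(1).lower(), match.group(2)
        domain = user.rpartition("@")[2] if "@" in user else "(no domain)"
        by_domain[domain][ip] += 1
    return by_domain

def distributed_targets(log_text, per_ip_limit=3, domain_limit=5):
    """Domains with many failures overall although no single IP reaches per_ip_limit.

    Both limits are illustrative assumptions, not CSF or cPHulk defaults.
    """
    flagged = {}
    for domain, ips in failures_by_domain(log_text).items():
        total = sum(ips.values())
        if total >= domain_limit and max(ips.values()) < per_ip_limit:
            flagged[domain] = (total, len(ips))  # (failures, distinct source IPs)
    return flagged

if __name__ == "__main__":
    for domain, (total, sources) in distributed_targets(SAMPLE_LOG).items():
        print(f"{domain}: {total} failed logins from {sources} IPs, none over the per-IP limit")
```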
     