Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Cphulk Account Protection Question

Discussion in 'E-mail Discussion' started by ljj3, Jun 18, 2015.

  1. ljj3

    ljj3 Active Member

    Nov 7, 2014
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Reseller Owner
    Hi... I run a VPS and I'm seeing a LOT of attacks against Dovecot SMTP - hundreds of them. Usually they come from "some random IP address" to a, where is a site hosted on our server. However client has their own email server - their mail never touches my machine. Usually CSF will kill each attempt after a couple of tries (to the nonexistent email account) - but they come right back with a new IP - hundreds of times a minute.

    Cphulk should help but I have a question. What "account" is it attempting to protect? The account on my server? Or - which does not exist on my server so I don't see how it would handle these connection attempts...

    Also for this type of attack is there something else other than CSF/CPhulk I should be doing, as they tend to slow the server down and have cause hangs....

    Thank you much,

    - Lou
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    Brute force attempts are attempts for username/password combinations. It's possible for attempts on domain names that do not even exist, as it's all about what the attacker is using during the login attempt. cPHulk will lock out the IP address making the brute force attempt, or the email account itself, depending on how you have configured it. CSF should block the offending IP addresses, but you may want to consult with a system administrator if the attacks require additional custom firewall rules.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice