Esky

Active Member
Mar 15, 2004
Netherlands
cPanel Access Level
DataCenter Provider
For a few days now, tons of IPs have been trying to gain access to our servers via SSH, so I suspect a botnet. Every morning my mailbox is filled with hundreds of mails per server from cPHulk saying it banned IPs.

What I'm wondering is if there is a way to stop or prevent this kind of botnet attack.
 

TSJaysonG

Registered
PartnerNOC
Nov 20, 2006
You could use tcpwrappers to protect the SSHd service and only allow certain IPs access. This would prevent them from being able to even authenticate to the server and would just discard their connection.

You could also change the SSH port to a different port.

Other than that, you would need some sort of network firewall to filter the connections out at the network level before they reach the server.
 

jerrybell

Well-Known Member
Nov 27, 2006
I am having this problem as well. I implemented ssh guard (Sshguard), which updates the firewall rules as brute force attacks are identified. It works quite well.
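
An added illustration of the log-driven blocking discussed in this thread (not code from any poster, and not SSHGuard's or cPHulk's actual logic): count `Failed password` lines per source IP in a sliding window and render the offenders as TCP Wrappers deny entries. The log lines, threshold, window and function names are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in classic syslog format; IPs are documentation ranges.
SAMPLE = """\
Mar 10 06:25:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 06:25:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar 10 06:25:04 web1 sshd[2107]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Mar 10 06:25:06 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 10 06:26:00 web1 sshd[2110]: Failed password for bob from 198.51.100.23 port 33000 ssh2
Mar 10 06:40:00 web1 sshd[2115]: Failed password for bob from 198.51.100.23 port 33010 ssh2
Mar 10 06:41:00 web1 sshd[2116]: Failed password for bob from 198.51.100.23 port 33011 ssh2
""".splitlines()

# The username is attacker-controlled and may itself contain " from <ip> port <n>",
# so match it greedily and take the address from the fixed tail of the line.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def find_offenders(lines, threshold=3, window=timedelta(minutes=5), year=2024):
    """Map each IP with >= threshold failures inside one window to the
    timestamp at which it crossed the threshold. Syslog omits the year,
    so the caller supplies it (assumption of this example)."""
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders[ip] = ts
    return offenders

def hosts_deny_lines(offenders):
    """Render offenders as /etc/hosts.deny entries for the sshd service."""
    return [f"sshd: {ip}" for ip in sorted(offenders)]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(find_offenders(SAMPLE))))
```

In the sample, `198.51.100.23` fails three times but never within one five-minute window, so only `203.0.113.7` is listed.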