
cPHulk and botnet

Discussion in 'Security' started by Esky, Jun 21, 2010.

  1. Esky

    For a few days now tons of IPs have been trying to gain access to our servers via ssh, so I suspect a botnet. Every morning my mailbox is filled with hundreds of mails per server from cPHulk saying it banned IPs.

    What I'm wondering is if there is a way to stop or prevent this kind of botnet attack.
     
  2. TSJaysonG

    You could use tcpwrappers to protect the SSHd service and only allow certain IPs access. This would prevent them from being able to even authenticate to the server and would just discard their connection.

    You could also change the SSH port to a different port.

    Other than that, you would need some sort of network firewall to filter the connections out at the network level before they reach the server.
     
  3. jerrybell

    I am having this problem as well. I implemented ssh guard (Sshguard), which updates the firewall rules as brute force attacks are identified. It works quite well.
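
Added example, not part of the thread and not Sshguard's own code: the general idea behind tools that watch the sshd log and hand offending addresses to the firewall, combined with the allow-list idea from the tcpwrappers reply. The function name `ips_to_block`, its parameters, the threshold and window values, and the log lines are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" syslog lines (with or without "invalid user").
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)

def ips_to_block(lines, threshold=3, window=timedelta(minutes=10),
                 allow=frozenset(), year=2010):
    """Return IPs with >= threshold failures inside one sliding window, in order seen."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    blocked = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        stamp, ip = m.groups()
        if ip in allow or ip in blocked:
            continue              # never block allow-listed admin addresses
        # Syslog timestamps carry no year, so one is assumed for the arithmetic.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # expire failures older than the window
        if len(hits) >= threshold:
            blocked.append(ip)
    return blocked

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Jun 21 03:14:01 web1 sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jun 21 03:14:03 web1 sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Jun 21 03:14:04 web1 sshd[4103]: Failed password for root from 198.51.100.7 port 51812 ssh2
Jun 21 03:14:06 web1 sshd[4104]: Failed password for invalid user test from 203.0.113.5 port 40141 ssh2
Jun 21 03:20:10 web1 sshd[4110]: Accepted password for siteadmin from 192.0.2.10 port 50022 ssh2
Jun 21 03:40:00 web1 sshd[4120]: Failed password for root from 198.51.100.7 port 51900 ssh2
Jun 21 03:59:00 web1 sshd[4121]: Failed password for root from 198.51.100.7 port 51950 ssh2
Jun 21 04:00:00 web1 sshd[4130]: Failed password for root from 192.0.2.10 port 50100 ssh2
Jun 21 04:00:05 web1 sshd[4131]: Failed password for root from 192.0.2.10 port 50101 ssh2
Jun 21 04:00:09 web1 sshd[4132]: Failed password for root from 192.0.2.10 port 50102 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip in ips_to_block(SAMPLE_LOG, allow={"192.0.2.10"}):
        print("block", ip)
```

In the sample, 198.51.100.7 spaces its attempts far enough apart that it never reaches the threshold inside one window, so per-IP counting alone does not catch a slow, distributed source. Without the allow-list, the administrator's own address 192.0.2.10 would be blocked after three mistyped passwords.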
     