The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cphulk and host access control stopped working after upgrade?

Discussion in 'General Discussion' started by kjg, Dec 18, 2008.

  1. kjg

    kjg Well-Known Member

    Joined:
    Mar 2, 2004
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Getting thousands of emails saying "Large Number of Failed Login Attempts from IP 64.185.237.173" since an hour back

    The IP is added to brutes and blocked with expiration 2009-01-01, but after a while it starts all over again.

    Also tried to stop the IP via host acces control (all deny) but it seems not to work either.

    I don't understand this. A guess is that the db is flushed all the time making it possible for the attacker to continue.

    We have the problem on the 3 servers that are upgraded to 11.24.4

    cPanel 11.24.4-R32470 - WHM 11.24.2 - X 3.9
    CENTOS 5.2

    Any help would be very much appreciated.
     
  2. cPanelBrandonM

    Joined:
    Jun 24, 2007
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Hello,
    Would it be possible to get you to submit a support ticket so that we may take a look at this server? Thanks in advance.
     
  3. hlooman

    hlooman Registered

    Joined:
    Dec 18, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Same problem with cPHulk

    Hello, I have the exact same problem, 11K+ emails with login attempts in 2 days since the update.

    Tried reconfiguring CPHulk to no avail.

    Keep me informed on any progress on this.

    Thanks, Hans.
     
  4. Zazoos1

    Zazoos1 Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Yes, I am experiencing this SAME problem since the upgrade. Thousands upon thousands of emails... opened support ticket yesterday but so far no reply.
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Please post the ticket # so we can look into this.

    Thanks
     
  6. headout

    headout Well-Known Member

    Joined:
    Aug 20, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    We have the same problem, after the update.
    cPanel 11.24.4-R32603 - WHM 11.24.2 - X 3.9
    FREEBSD 6.2 i386 on standard

    Users don't get blocked. The expiration time just gets renewed.
     
  7. kjg

    kjg Well-Known Member

    Joined:
    Mar 2, 2004
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Update:
    We posted a ticket to support and they solved it after a while.
    According to them, there will be a fix in the next release.

    Seems that the protection works ok, but the system keeps sending emails also after the ip is blocked.
     
  8. jack01

    jack01 Well-Known Member

    Joined:
    Jul 21, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
  9. kjg

    kjg Well-Known Member

    Joined:
    Mar 2, 2004
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    As I said in the post above, the cpanel tech people solved it and told me:

    "The issue (multiple E-Mails for a brute force attack) has been patched and will be available in revision 32707+."

    I got that answer dec 30 and some 14 hours later I got the following:
    "The fix is being tested and should be out in all 11.24 Builds soon."

    So I guess it is on its way
     
Loading...

Share This Page