Hi Folks,
First posting here and am relatively new to cPanel so apologies in advance if
I don't get all the terminology right first time.
So here's the issue and questions - a few months ago the VPS started receiving
quite a lot of various log in attempts to all services originating from many
different countries. There are about 15 sites on the VPS and all were getting
log in attempts to the various services.
I was receiving lots of emails from the cPHulk system and was busily adding them
to the blacklist.
As we only log in to the server from two countries I started then to add IP Ranges
from several countries to the blacklist. This worked well until today when we received
a few thousand attempts from an IP from a country that wasn't on the blacklist.
The VPS froze with a load count over 300 and the sites went down eventually.
Restarted the VPS and blocked the IP - apparently the cPHulk database needed
repairing and then everything returned to normal.
So the above got me worried and I am unsure as to whether the number of
records in the blacklist would be an issue - it currently stands at around
80,000 records.
I do want to add some more IP ranges from countries that I haven't yet added
but am concerned that I shouldn't?
I didn't want to use the firewall approach as I don't want to block visitors from
various countries just block log in attempts.
Any advice appreciated!
Cheers
Steve
First posting here and am relatively new to cPanel so apologies in advance if
I don't get all the terminology right first time.
So here's the issue and questions - a few months ago the VPS started receiving
quite a lot of various log in attempts to all services originating from many
different countries. There are about 15 sites on the VPS and all were getting
log in attempts to the various services.
I was receiving lots of emails from the cPHulk system and was busily adding them
to the blacklist.
As we only log in to the server from two countries I started then to add IP Ranges
from several countries to the blacklist. This worked well until today when we received
a few thousand attempts from an IP from a country that wasn't on the blacklist.
The VPS froze with a load count over 300 and the sites went down eventually.
Restarted the VPS and blocked the IP - apparently the cPHulk database needed
repairing and then everything returned to normal.
So the above got me worried and I am unsure as to whether the number of
records in the blacklist would be an issue - it currently stands at around
80,000 records.
I do want to add some more IP ranges from countries that I haven't yet added
but am concerned that I shouldn't?
I didn't want to use the firewall approach as I don't want to block visitors from
various countries just block log in attempts.
Any advice appreciated!
Cheers
Steve