The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cphulk not stopping brute force against pop3

Discussion in 'Security' started by steven bradbury, Mar 25, 2011.

  1. steven bradbury

    steven bradbury Registered

    Joined:
    Mar 25, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I see a few other threads related to this, but they're old and no real good solution other than to use a different product...

    I have cphulk enabled, maximum attempts per IP address is set to 5, but I still see logs like below almost every night.

    (this is just a small clip)
    LOGIN FAILED, user=Test@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=a@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=aaron@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=abe@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=abel@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=abigail@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=abraham@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=accept@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=account@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=accounting@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=accounts@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=ace@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=ada@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=adam@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=adm@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=admin@domain.com, ip=[::ffff:64.235.56.188]: 15 Time(s)
    LOGIN FAILED, user=administrator@domain.com, ip=[::ffff:64.235.56.188]: 3 Time(s)
    LOGIN FAILED, user=admins@domain.com, ip=[::ffff:64.235.56.188]: 3 Time(s)
    LOGIN FAILED, user=adrian@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=agent@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=al@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=alan@domain.com, ip=[::ffff:64.235.56.188]: 4 Time(s)
    LOGIN FAILED, user=albert@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=albertha@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=alec@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=alex@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=alexander@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=alexandra@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=alfred@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=alias@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=alice@domain.com, ip=[::ffff:64.235.56.188]: 2 Time(s)
    LOGIN FAILED, user=alicia@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)
    LOGIN FAILED, user=alison@domain.com, ip=[::ffff:64.235.56.188]: 1 Time(s)

    Any suggestions? WHM 11.28.87, CENTOS 5.5 x86_64
     
  2. steven bradbury

    steven bradbury Registered

    Joined:
    Mar 25, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Correct, courier does not work with cPHulk Brute Force Protection to track or block IPs when using an email client (webmail, however, does still work to get these tracked and blocked for those failed login attempts). If you require this functionality, you will need to use Dovecot.
     
Loading...

Share This Page