I get email notifications "Excessive Number of Failed Login Attempts from IP ..." When I click on the link in the email URL to add them to the black list it says it can't find the server. What do i need to change?
Hello
Could you let us know which version of cPanel is installed on your system? EX:
Code:
cat /usr/local/cpanel/version11.48.0 (build 12) Maybe it has something to do with the firewall. What I have had to do was go to the link and copy the ip address and paste it in CPHulk.
The issue you have described should have been addressed with internal case number 160929 in cPanel version 11.48.0.11. Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.
Thank you.
Thank you.
You don't have to be a direct customer to open a support ticket. You simply need root access to your server.
Thank you.
Thank you.
The error is because my hostname was not resolving to an IP address and I needed to set the hostname.
I am happy to see you were able to determine the cause of the issue. Thank you for updating us with the outcome.
Is there anyway to set it up so these ip addresses get added automatically? Since I got the new server set up I get about 3 emails a day with ip addresses to add to the blacklist.
Is this a normal about of "Excessive Number of Failed Login Attempts" emails?
Is this a normal about of "Excessive Number of Failed Login Attempts" emails?
You can see all of the configuration options for cPhulk at:
"WHM Home » Security Center » cPHulk Brute Force Protection"
You only have to add the IP address to the blacklist if you want to block it permanently.
Thank you.
"WHM Home » Security Center » cPHulk Brute Force Protection"
You only have to add the IP address to the blacklist if you want to block it permanently.
Thank you.
Ok so from what I can tell it won't add then automatically. So is there any harm if I don't add them to the blacklist? Is about 3 emails a day, is this a normal amount of email notifications?
There's no normal amount of emails, as it just depends on how often brute force attempts are made on your server. You don't have to add those IP addresses to the blacklist unless you notice those same IP addresses continue to make brute force attempts.
Thank you.
Thank you.
Thanks. Just trying to be extra cautious. When I get the email it has three links. One is single IP, then /24 and /16 what should I enter? I was putting all three.
Those are provided in-case you want to block more than just the individual IP address:
CIDR Notation
Thank you.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| J | cPHulk inaccurate country IP matching | Security | 3 | |
| T | SOLVED [CPANEL-27445] Excessive cPHulk notifications for blacklisted IPs and Countries | Security | 10 | |
| A | Disable cPHulk email notifications? | Security | 3 | |
| L | cpHulk SMS notifications stopped | Security | 4 | |
| S | Cphulk notification every one minute | Security | 1 |