So - still not completely WHM literate but yesterday a user with a domain on my VPS could not login - found out that cphulk blocked her IP after repeated failed login attempts.
After getting it all fixed I looked into the cphulk a bit more and changed the settings to notify me of repeated failed login attempts.
This morning when I got up and checked my mail I had about 50 emails fromt he server notifying me of repeated failed login attempts to different domains on my server including attempts into the root system
I made sure I black listed all of the IP addresses that I did not recognize (most of them were from Russia, Saudia Arabia and Turkey)
My questions is..... is this common????? or should I be worried about hackers targeting my server? Should I continue to blacklist every IP or should I just let cphulk block the failed attempts?
Just wonderign what everyone else is doing.
After getting it all fixed I looked into the cphulk a bit more and changed the settings to notify me of repeated failed login attempts.
This morning when I got up and checked my mail I had about 50 emails fromt he server notifying me of repeated failed login attempts to different domains on my server including attempts into the root system
I made sure I black listed all of the IP addresses that I did not recognize (most of them were from Russia, Saudia Arabia and Turkey)
My questions is..... is this common????? or should I be worried about hackers targeting my server? Should I continue to blacklist every IP or should I just let cphulk block the failed attempts?
Just wonderign what everyone else is doing.
