captainron19

Active Member
Nov 10, 2011
33
1
56
cPanel Access Level
Root Administrator
So - still not completely WHM literate but yesterday a user with a domain on my VPS could not login - found out that cphulk blocked her IP after repeated failed login attempts.

After getting it all fixed I looked into the cphulk a bit more and changed the settings to notify me of repeated failed login attempts.

This morning when I got up and checked my mail I had about 50 emails fromt he server notifying me of repeated failed login attempts to different domains on my server including attempts into the root system

I made sure I black listed all of the IP addresses that I did not recognize (most of them were from Russia, Saudia Arabia and Turkey)

My questions is..... is this common????? or should I be worried about hackers targeting my server? Should I continue to blacklist every IP or should I just let cphulk block the failed attempts?

Just wonderign what everyone else is doing.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello :)

This is a common occurrence, so it's best to combine cPHulk with a third-party firewall such as CSF that offers additional security measures to block brute force attacks.

Thank you.
 

captainron19

Active Member
Nov 10, 2011
33
1
56
cPanel Access Level
Root Administrator

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I see the Single IP line directs the IP directly..... what are the other 2?
It's CIDR notation. It's to block all IP addresses in the specified range. You can search for CIDR notation on a search engine to get a more detailed explanation on what the numbers mean.

Thank you.