cPanel 11.24.4-R32603 WHM 11.24.2 - X 3.9, running on CentOS v5.2
Howdy, All,
Curious about some log entries in /var/messages, excerpted as:
Connection service=system ip= port= user=xxx blocked by cphulkd (Too many failures for this username)
The 'xxx' in user=xxx looks to be a dictionary list of common people names.
There were about 600 attempts over a five hour span this last time around, just cycling alphabetically through different user names.
Trying to figure out where the attack may be coming from, as there's no IP or port shown.
Never got an email from cphulkd either, even though the 'send notification' box is checked.
I have password login disabled for SSH, and am also using non-standard ports for both SSH & FTP. Alas, as WHM & cPanel web access is still hard-coded, those ports can't be changed.
Any idea how to determine where the intruder(s) are trying to get in?
Thanks!
--
Carl
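One way to triage entries like the one quoted above, as an added example that is not part of the original post: it tallies cphulkd block messages by service and source field, and measures how closely the usernames follow alphabetical order. The sample lines (timestamps, host name, user names and the 192.0.2.10 source) are constructed; only the message layout comes from the post.

```python
import re
from collections import Counter

# Matches the message layout quoted in the post; any syslog prefix is ignored.
LINE_RE = re.compile(
    r"Connection service=(?P<service>\S*) ip=(?P<ip>\S*) port=(?P<port>\S*) "
    r"user=(?P<user>\S*) blocked by cphulkd \((?P<reason>[^)]*)\)"
)

def parse(lines):
    """Yield one dict per cphulkd block message, skipping unrelated lines."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(lines):
    """Tally blocks by service and source, and score username ordering."""
    events = list(parse(lines))
    users = [e["user"] for e in events]
    # Fraction of consecutive usernames in non-decreasing order;
    # a value near 1.0 is consistent with a sorted wordlist being walked.
    pairs = list(zip(users, users[1:]))
    ordered = sum(a.lower() <= b.lower() for a, b in pairs)
    return {
        "events": len(events),
        "by_service": Counter(e["service"] for e in events),
        "by_source": Counter(e["ip"] or "(empty)" for e in events),
        "distinct_users": len(set(users)),
        "alphabetical_ratio": ordered / len(pairs) if pairs else 0.0,
    }

# Constructed sample input (not taken from a real server).
TAIL = "blocked by cphulkd (Too many failures for this username)"
SAMPLE = [
    f"Jan  1 00:00:01 host Connection service=system ip= port= user={u} {TAIL}"
    for u in ("adam", "alice", "bob", "carol", "dave")
] + [
    "Jan  1 00:00:02 host unrelated daemon message",
    f"Jan  1 00:00:03 host Connection service=system ip=192.0.2.10 port=40022 user=erin {TAIL}",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
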