DNS Only and Brute force lockout

J

Jmz

Registered
Aug 13, 2013
4
0
1
cPanel Access Level
Reseller Owner
I have 2 DNS Only servers setup in a cluster with all my cPanel VPSs. If either one gets brute forced (obviously failed) it will lock root account. Which is normal behavior and acceptable. The problem is that when root account is locked, the servers can no longer access whichever NS was brute forced. So, I get emails alerting me to DNS Cluster errors all day. Which in reality, they don't exist and its difficult to determine whether its a real failure of DNS or just a brute force lockout.

Is there a way to prevent blocking access to accounts using the remote access key? Or maybe another workaround where cPanel servers can still query NS servers while brute force lockout is in effect on root account?
 
S

simonas

Well-Known Member
Apr 21, 2013
141
0
16
Lithuania
cPanel Access Level
Root Administrator
Hi,

Did you saw that CpHulk brute force protection has whitelist capability?

Go to cPHulk Brute Force Protection
Select White/Black List Management
And add your servers ips in White list. They will be allowed to connect.
 
J

Jmz

Registered
Aug 13, 2013
4
0
1
cPanel Access Level
Reseller Owner
Thanks. Yeah I saw that but I guess I misinterpreted what it was for. But I added my IPs so we will see.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,267
463
Hello :)

You may want to consider implementing a third-party firewall such as CSF/LFD and then disabling cPhulkd if your servers are under a consistent brute force attack. While cPhulkd is helpful, it will not block the offending IP addresses, which is something a firewall can do. This will help prevent cases when the "root" user is locked out, resulting in failed authentication attempts from the hosting server.

Thank you.
 
J

Jmz

Registered
Aug 13, 2013
4
0
1
cPanel Access Level
Reseller Owner
cPanelMichael said:
Hello :)

You may want to consider implementing a third-party firewall such as CSF/LFD and then disabling cPhulkd if your servers are under a consistent brute force attack. While cPhulkd is helpful, it will not block the offending IP addresses, which is something a firewall can do. This will help prevent cases when the "root" user is locked out, resulting in failed authentication attempts from the hosting server.

Thank you.
Click to expand...
Well it isn't quite all day events. Its just 6 WHM servers trying to update DNS and I get cluster errors from those in a 10 min lockout window. I would maybe say it happens twice a day. But I usually blacklist IPs that are trying to brute force root especially on the NS.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Cloudflare configuration for Cpanel DNS mail records Security 1
S Dynamic DNS / SSL / Synology NAS Security 7
M Whitelisting Dynamic DNS hostnames Security 5
C AutoSSL failing for domains with external DNS but hosted and resolving to cpanel server Security 5
vicos AutoSSL: WARN Local HTTP DCV error" -- Using my own DNS Server and we don't want those cPanel subdomains defined. Workaround? Security 10
Similar threads
Cloudflare configuration for Cpanel DNS mail records
Dynamic DNS / SSL / Synology NAS
Whitelisting Dynamic DNS hostnames
AutoSSL failing for domains with external DNS but hosted and resolving to cpanel server
AutoSSL: WARN Local HTTP DCV error" -- Using my own DNS Server and we don't want those cPanel subdomains defined. Workaround?
Top Bottom