Excessive Number of Failed Logins


Jul 2, 2017
cPanel Access Level
Root Administrator
Hello there,

how to stop this Excessive Number of Failed Login Attempts from 211.117.xx.xxx (Korea, Republic of:KR)..

Latest 24 hour i received more than 300 emails with this message..

Also when i log in as root on SSH, i see there that was 89000 attempts to login as root before my attempt.

Thank you
Last edited by a moderator:

Muhammed Fasal

Well-Known Member
Aug 9, 2017
cPanel Access Level
Root Administrator

Is CSF installed on your server? If so, it may autoblock these IPs once the failed login attempt limits reached. You can check whether the IP blocked or not on your server with below command: (Do not forget to change the IP with the exact IP address)
csf -g IP
If it's not in Deny chain, then you can block this IP with below command:
csf -d IP
The best solution would be set the SSH port to a secure one other than default 22. You can change the SSH port of your server in /etc/ssh/sshd_config file. Locate the following line:
# Port 22
Remove # and change 22 to your desired port number. and save the file.

Restart the sshd service by running the following command:
service sshd restart
Make sure to take a backup of the file before makes the edit. Once the port changed, you need to specify the custom SSH port while access the server. If you are login via terminal, you can access by: