Large Number of Failed Login Attempts

marsm

Member
Jan 17, 2013
10
0
1
cPanel Access Level
Root Administrator
In recent weeks/months, I've been getting a lot of messages like this:

5 failed login attempts to account XXXX (pop3) -- Large number of attempts from this IP: XX.XX.XX.XX

Reverse DNS: XX-XX-XX-XXXX.net

Origin Country: United Kingdom (GB)


While cpanel is clearly catching these, I have discovered that some people have been able to "get through" and have been using our server to send out emails in the form of large mailing lists.

Because of this, our server has now been hit with multiple blacklists which is extremely frustrating.

My questions are:

1. How can we better protect ourselves to prevent dodgy people out there using our SMTP to fire our email/spam?
2. What's the process to getting ourselves whitelisted (from an email perspective)?

Any help and advice would be greatly appreciated.

Regards,
Mars
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

The first step you should take is to require that your users and their email accounts use strong passwords that are not easily brute forced. Also, the following document provides some tips on preventing email abuse:

cPanel - Prevent Email Abuse

The whitelist process varies with each remote mail server. You will need to review each remote mail server that has blocked your server to determine what steps are necessary.

Thank you.
 

marsm

Member
Jan 17, 2013
10
0
1
cPanel Access Level
Root Administrator
Hmm... I have most of the things activated that have been covered in the document... passwords on our email are strong. Will keep monitoring things.