Large Number of Failed Logins

chasmcg

Active Member
Mar 20, 2005
26
0
151
In the last 24 hours I have had over 120 of these messages from CPanel (large number of failed logins). Mainly from Russia and China but from other countries as well. I suspect it's someone spoofing IPs. I get these messages all the time but nothing like the last 24 hours.

Does "cPHulk Brute Force Protection" ban those IPs each time they send me an email? I hope so. I have manually banned blocks of IPs but they just keep coming. What can be done about this? Thanks for any help or advice.
 

chasmcg

Active Member
Mar 20, 2005
26
0
151
Hello,

Are these attempting to connect to your SSH service ? if so, Changing the default port number would be a very good option here.
Yes, the port number has been changed. But the attempts keeps coming. I have about 5 domains on my server. They're trying to FTP in as well on all domains. Thanks for your reply.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
cHHulk only "protects" cPanel services. I would recommend CSF/LFD for automated blocking of IP addresses with excessive failed logins.
 

chasmcg

Active Member
Mar 20, 2005
26
0
151
Thanks, guys, for the replies. I'm currently using APF as my firewall. Will look at CSF/LFD as an alternative. Also, if CPanel implements something to block IPs as they come in that would be great. Maybe block countries, even.

The failed logins stopped for a day or so but they've started again.