Lockout from WHM and SSH due to bruteforce attacks

Hello all,

I have a major problem. I have CPHulk enabled on my server and I am being locked out from both WHM and SSH logins.

Luckily, I have VNCServer installed so, i can login with VNC and disable CPHulk so I could login. However, I am going to remove VNCServer from my server and I don't want to get stuck everytime because someone is brute-forcing into the server. Also, I can not whitelist my machine's IP address because I have dynamic IP from my ISP which would change everytime I restart my router.

I thought that cphulk would only disable WHM login and I would still be able to login with SSH? or does cphulk also monitor SSH login failures?

What are the possible solutions to this problem? Any help would be greatly appreciated.

Thanks in advance,
Adel.

 

Hello Michael,

Well, I am not sure if I am assigned completely different IP address each time or not.. I will try to restart my router multiple times to check.

Will this whitelisting work also on SSH logins? or only on WHM logins?

Another question also, does cPhulk monitor SSH login attempts as well or only WHM login attempts?

Thanks again
Adel

 

Thanks for your reply. I have restarted my router few times and found that the first octet of my IP address is not changing, so I whitelisted it and there are no problems so far.

Do you suggest any other actions I should take? should I change SSH and WHM port numbers? I am suspecting that this attack might be an automated attack which targets default ports.

Thanks again for your support

Best regards,
Adel