The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New MFC printer created security vulnerability?

Discussion in 'Security' started by scruft, Jun 4, 2014.

  1. scruft

    scruft Registered

    Joined:
    Jun 4, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi All,

    I have a VPS with a number of accounts on it, and recently I've been receiving a lot of "large number of failed login attempts" from cPHulk.

    Last week I installed a new FujiXerox CM305 df multifunction printer for one of my customers in her shop, and set it up to be able to scan to email. Unfortunately in order to get it working, I had to turn off "Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server" because as far as I can tell the machine can't handle TLS.

    Since then, a lot of the failed login attempts have come through, trying to access (non-existent) accounts like "copier", "scan", "xerox", "scanner", "reception" - common email addresses a business would use for their scanner.

    Does anyone know how or why this would start happening? Could it be a virus on one of the computers networked to the printer? Suggestions on how to fix it?

    Also, a related question - is there a blacklist of known hacker IPs that I can access so cPanel will automatically block them in the firewall? Some kind of plugin?

    Thank you
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I suggest simply ensuring that complex passwords are used, and blocking any IP addresses that make brute force attempts. I am not aware of any public lists of IP addresses where potential hacking/brute force attempts have originated. CSF is a good firewall management utility if you do not already use it.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You need to look at what IP address(es) generate those failed logins. If they're not your IP addresses, or your clients IP address, I'd be less concerned.

    I 2nd the recommendation for CSF. It's free and will block IPs that generate excessive failed logins.
     

Share This Page