The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Newbie question on alfanumeric reported IPs

Discussion in 'Security' started by koda, Feb 21, 2014.

  1. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    CPHulk is reporting repeated attacks from:

    9 failed login attempts to account teacher (system) -- Large number of attempts from this IP: tw-245-153.tm.net.my
    Reverse DNS: tw-245-153.tm.net.my
    Origin Country: Malaysia (MY)
    Please use the following links to add to the black list:
    Single IP: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.my
    /24: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.0/24
    /16: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.0.0/16

    What should I add to the blacklist I tried adding the /16 range of the IP I pinged from tw-245-153.tm.net.my and from net.my but the attack is still going on.
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Blocking IPs via cphulk does not prevent the ips from connecting to your server - it only prevents them from being able to authenticate. If you want to block IPs, you need to use an actual firewall like APF or CSF.
     
  3. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I see.. yet there is something odd about this one. When I blocked other "normal" IPs on CPhulk the alerts "CPHulk is reporting repeated attacks from:" stopped flowing in. This one keeps coming.
     
  4. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Well I blocked the whole malaysa, china, taiwan and korea and now it stopped... :)
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,707
    Likes Received:
    658
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Keep in mind that while it might stop the attack, it could also block legitimate traffic from those countries.

    Thank you.
     
  6. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Yes that's right. Luckly we don't have any contacts from those countries wich on the other hand are the main responsable for spamming and scamming against our address and hacking with our websites.
     
Loading...

Share This Page