Newbie question on alfanumeric reported IPs

koda

Well-Known Member
Jan 10, 2014
61
1
8
cPanel Access Level
Root Administrator
CPHulk is reporting repeated attacks from:

9 failed login attempts to account teacher (system) -- Large number of attempts from this IP: tw-245-153.tm.net.my
Reverse DNS: tw-245-153.tm.net.my
Origin Country: Malaysia (MY)
Please use the following links to add to the black list:
Single IP: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.my
/24: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.0/24
/16: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.0.0/16

What should I add to the blacklist I tried adding the /16 range of the IP I pinged from tw-245-153.tm.net.my and from net.my but the attack is still going on.
 

koda

Well-Known Member
Jan 10, 2014
61
1
8
cPanel Access Level
Root Administrator
I see.. yet there is something odd about this one. When I blocked other "normal" IPs on CPhulk the alerts "CPHulk is reporting repeated attacks from:" stopped flowing in. This one keeps coming.
 

koda

Well-Known Member
Jan 10, 2014
61
1
8
cPanel Access Level
Root Administrator
Yes that's right. Luckly we don't have any contacts from those countries wich on the other hand are the main responsable for spamming and scamming against our address and hacking with our websites.