Newbie question on alfanumeric reported IPs

[koda]

CPHulk is reporting repeated attacks from:

9 failed login attempts to account teacher (system) -- Large number of attempts from this IP: tw-245-153.tm.net.my
Reverse DNS: tw-245-153.tm.net.my
Origin Country: Malaysia (MY)
Please use the following links to add to the black list:
Single IP: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.my
/24: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.0/24
/16: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.0.0/16

What should I add to the blacklist I tried adding the /16 range of the IP I pinged from tw-245-153.tm.net.my and from net.my but the attack is still going on.

 

[vanessa]

Blocking IPs via cphulk does not prevent the ips from connecting to your server - it only prevents them from being able to authenticate. If you want to block IPs, you need to use an actual firewall like APF or CSF.

 

[koda]

I see.. yet there is something odd about this one. When I blocked other "normal" IPs on CPhulk the alerts "CPHulk is reporting repeated attacks from:" stopped flowing in. This one keeps coming.

 

[koda]

Well I blocked the whole malaysa, china, taiwan and korea and now it stopped...

 

[cPanelMichael]

Well I blocked the whole malaysa, china, taiwan and korea and now it stopped...

Keep in mind that while it might stop the attack, it could also block legitimate traffic from those countries.

Thank you.

 

[koda]

Yes that's right. Luckly we don't have any contacts from those countries wich on the other hand are the main responsable for spamming and scamming against our address and hacking with our websites.