Newbie question on alfanumeric reported IPs

koda

Well-Known Member
Jan 10, 2014
61
2
8
cPanel Access Level
Root Administrator
CPHulk is reporting repeated attacks from:

9 failed login attempts to account teacher (system) -- Large number of attempts from this IP: tw-245-153.tm.net.my
Reverse DNS: tw-245-153.tm.net.my
Origin Country: Malaysia (MY)
Please use the following links to add to the black list:
Single IP: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.my
/24: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.net.0/24
/16: http s://mail.asdasd.it:2087/cgi/bl.cgi?ip=tw-245-153.tm.0.0/16

What should I add to the blacklist I tried adding the /16 range of the IP I pinged from tw-245-153.tm.net.my and from net.my but the attack is still going on.
 

koda

Well-Known Member
Jan 10, 2014
61
2
8
cPanel Access Level
Root Administrator
I see.. yet there is something odd about this one. When I blocked other "normal" IPs on CPhulk the alerts "CPHulk is reporting repeated attacks from:" stopped flowing in. This one keeps coming.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Well I blocked the whole malaysa, china, taiwan and korea and now it stopped... :)
Keep in mind that while it might stop the attack, it could also block legitimate traffic from those countries.

Thank you.
 

koda

Well-Known Member
Jan 10, 2014
61
2
8
cPanel Access Level
Root Administrator
Yes that's right. Luckly we don't have any contacts from those countries wich on the other hand are the main responsable for spamming and scamming against our address and hacking with our websites.