Reduce the number of login attempts and blocking accounts

Discussion in 'Security' started by Huusoku, Dec 23, 2010.

  1. Huusoku

    Hello cP,

    I did some searching a while ago and couldn't find an answer to this so I finally got around to posting the question here :D

    I wouldn't say we get a "huge" amount of failed logins (hackers?), I'd say my server notifies me about 5 times per day on average.

    I get emails with the subject "Large Number of Failed Login Attempts from IP..." that says, "5 failed login attempts to account..." and I am wondering how can I reduce this number '5' down to like 1 or 2? I know what my password is and I never get it wrong. But just in case, I only need like 1 or at most 2 attempts to ever get in (uncommon event I mistype in haste or something).

    My 2nd question: Apart from the root user, we only have 2 users total on our server, and I only use the root user to log in for everything (I've heard this is bad practice?). Many of these "failed login attempts" I receive are for users we don't have, like 'system', 'home', 'admin', 'public', 'tech', 'test', 'web', 'webmaster', 'postmaster', 'training', 'chairman', etcetera. How can I block all accounts from even 'attempting' to log in except for the root account?

    Thank you everyone! :) Happy Holidays!!
    Huusoku
     
  2. Huusoku

    Whoops, sorry for posting this in the new user section. I'm still new to cPanel so I figured I'd post this basic question there!

    Merry Christmas everyone!
    Huusoku
     
  3. aapkapratik

    Hello,

    Regarding your query about "Large Number of Failed Login Attempts from IP" on your Linux server, I'd suggest that you use and configure the firewall on the server correctly.

    The firewall csf provides the following configurations
    Substituting the correct values for each setting above in " " will block the IP address on the server firewall if it tries to cross the number of allowed failed login attempts.
     
  4. wayne_mu

    Hi,

    As aapkapratik mentioned, if you have csf (firewall) configured on your server, you can check the csf configuration file for the appropriate settings.

    :)
     
  5. brianoz

    Better to change the ssh port to something high, that will kill off all of these.

    Never log in as root, always log in as your own account and use 'sudo' or 'sudo -s' to get root privs. root is anonymous, but there are other reasons as well.

    Make sure all the other users have nonexistent shells and they should be unable to log in. You'll need to fiddle and test a bit to get this right, you may need to have an existing but null binary as shell to get the desired effect.
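
One way to check a server against the advice in the last post, as an added example that is not part of the thread: it lists accounts that still have a login shell and flags sshd settings that differ from what is suggested above. The sample files, the account `siteadmin` and the threshold of 2 (the "1 or 2" from the first post) are constructed or assumed; `MaxAuthTries` and `AllowUsers` are sshd_config directives the thread does not name.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files are constructed; on a real
# server pass /etc/passwd and /etc/ssh/sshd_config instead.

# Accounts whose shell field does not end in nologin or false can get an
# interactive shell. An empty shell field means /bin/sh, so it is listed too.
login_capable_accounts() {
    awk -F: '/^[ \t]*(#|$)/ { next }
             $7 !~ /\/(nologin|false)$/ { print $1 }' "$1"
}

# Global value of one sshd_config keyword: keywords are case-insensitive and
# the first occurrence wins. Stops at the first Match block (not evaluated).
sshd_setting() {
    awk -v key="$2" 'tolower($1) == "match" { exit }
                     tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# One WARN line per setting that differs from the advice in the thread.
audit_sshd() {
    port=$(sshd_setting "$1" Port)
    root=$(sshd_setting "$1" PermitRootLogin)
    tries=$(sshd_setting "$1" MaxAuthTries)
    allow=$(sshd_setting "$1" AllowUsers)
    if [ "${port:-22}" = 22 ]; then echo "WARN Port: still 22"; fi
    if [ "$root" != no ]; then echo "WARN PermitRootLogin: ${root:-unset}"; fi
    if [ -z "$tries" ] || [ "$tries" -gt 2 ]; then
        echo "WARN MaxAuthTries: ${tries:-unset}"
    fi
    if [ -z "$allow" ]; then echo "WARN AllowUsers: unset"; fi
    return 0
}

# Constructed sample input.
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
webmaster:x:1001:1001::/home/webmaster:/bin/false
siteadmin:x:1002:1002::/home/siteadmin:/bin/bash
EOF
cat > "$tmp/sshd_config" <<'EOF'
#Port 22
permitrootlogin yes
MaxAuthTries 6
EOF

login_capable_accounts "$tmp/passwd"
audit_sshd "$tmp/sshd_config"
```

A very low `MaxAuthTries` can also reject key-based logins when the client offers several keys before the right one, so test from a second session before closing the first.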
     