Should I be worried?

Discussion in 'General Discussion' started by MalinRep, Jun 20, 2005.

  1. MalinRep

    I just received my logs for today:

    Failed logins from these:
    adm/password from ::ffff:81.71.31.44: 2 Time(s)
    dbus/password from ::ffff:202.82.230.253: 1 Time(s)
    ftp/password from ::ffff:66.82.4.25: 1 Time(s)
    ftp/password from ::ffff:81.71.31.44: 2 Time(s)
    games/password from ::ffff:81.71.31.44: 2 Time(s)
    james/password from ::ffff:81.71.31.44: 2 Time(s)
    mail/password from ::ffff:81.71.31.44: 2 Time(s)
    mailman/password from ::ffff:66.82.4.25: 1 Time(s)
    mysql/password from ::ffff:66.82.4.25: 2 Time(s)
    mysql/password from ::ffff:81.71.31.44: 4 Time(s)
    news/password from ::ffff:81.71.31.44: 2 Time(s)
    nobody/password from ::ffff:81.71.31.44: 2 Time(s)
    operator/password from ::ffff:81.71.31.44: 2 Time(s)
    postgres/password from ::ffff:66.82.4.25: 1 Time(s)
    root/password from ::ffff:66.82.4.25: 13 Time(s)
    root/password from ::ffff:81.71.31.44: 34 Time(s)
    rpm/password from ::ffff:81.71.31.44: 2 Time(s)
    sshd/password from ::ffff:81.71.31.44: 2 Time(s)

    For one, I'm the only one with root access. Second, none of those are my IP address. The only actual user on that is james which has an account with me.
     
  2. aby

    I doubt it is a hacking attempt.

    ---
    Aby :)
     
  3. DigiCrime

    Wouldn't worry about it, these are scanners or bots, whatever you call them, guessing password combos. I get about 4000 failed attempts on a daily basis :eek: nothing becomes of it.
     
  4. dave9000

    Change the port SSH uses to something besides port 22 and most of these login attempts will quit.
     
  5. digitard

    Also, if you run APF, run BFD with it. It'll ban 'em as they come in.

    I get a ton daily... it's always the same things.

    The only person who can disable my APF is 'root' and you can't log in with root, so it's all good. I've also disabled shell access for everyone but my main login.
     
  6. dave9000

    Only problem is there is a chance they could hit a valid password for one of the accounts, which would give them user-level access to the box.

    And changing the port for SSH only takes 2 min to do; it's a cheap extra level of protection.
     
  7. MalinRep

    OK, how can I change the port?
     
  8. bijo

    Hello,

    You can do it by editing the file /etc/ssh/sshd_config and changing the port to xxxx instead of 22.
     
  9. chirpy

    ...but be careful, if you have an iptables firewall installed, that you open up the new port. Don't forget to restart sshd too.
     
  10. digitard

    Well, unless the clients need SSH, which I don't see why they would if it's standard hosting, I recommend removing everyone's SSH access from the wheel group except yourself.

    This is what I do. That way only my login (which the password is lowercase, uppercase, numbers and special characters) is the only way to get in via SSH, and chances are pretty good it won't get found since both the username and password are un-standard. That's also the only way to get into 'root' since it's disabled from direct login.

    D.
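
Added example, not part of the original thread and not code from any poster: a Python parser for Logwatch lines in the format quoted in the first post, which folds the `::ffff:` IPv4-mapped addresses to plain IPv4 and totals failed attempts per source. The sample is a subset of the lines from that post; the threshold of 10 and the `real_users` list (root and james, per the first post) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Subset of the Logwatch lines quoted in the first post of the thread.
SAMPLE = """\
dbus/password from ::ffff:202.82.230.253: 1 Time(s)
ftp/password from ::ffff:66.82.4.25: 1 Time(s)
james/password from ::ffff:81.71.31.44: 2 Time(s)
mysql/password from ::ffff:66.82.4.25: 2 Time(s)
mysql/password from ::ffff:81.71.31.44: 4 Time(s)
root/password from ::ffff:66.82.4.25: 13 Time(s)
root/password from ::ffff:81.71.31.44: 34 Time(s)
"""

# Format: <user>/<method> from <source address>: <count> Time(s)
LINE = re.compile(r"^\s*(?P<user>[^/\s]+)/(?P<method>\w+) from (?P<src>\S+): (?P<n>\d+) Time\(s\)\s*$")

def normalise(src):
    """Fold an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(src)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)

def summarise(report):
    """Total failed attempts and usernames tried, keyed by source address."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in report.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # skip headings and blank lines
        entry = stats[normalise(m["src"])]
        entry["attempts"] += int(m["n"])
        entry["users"].add(m["user"])
    return dict(stats)

# max_attempts and real_users are assumptions chosen for this example.
def flag(stats, max_attempts=10, real_users=("root", "james")):
    """Return (sources at or over the threshold, real accounts being guessed)."""
    noisy = sorted(ip for ip, s in stats.items() if s["attempts"] >= max_attempts)
    guessed = sorted({u for s in stats.values() for u in s["users"] if u in real_users})
    return noisy, guessed

if __name__ == "__main__":
    stats = summarise(SAMPLE)
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{ip:<16} {s['attempts']:>3} attempts, users: {', '.join(sorted(s['users']))}")
    print("candidates to block, real accounts targeted:", flag(stats))
```

The second value returned by `flag` is the one to watch: guesses against names that exist on the box are the case where a weak password turns into a login.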
     