The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

So How Do I Block This????

Discussion in 'Security' started by dannette, Feb 14, 2011.

  1. dannette

    dannette Registered

    Joined:
    Apr 27, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I have been running cPHulk Brute Force Protection and blacklisting IP addresses as they come in as well as having blacklisted entire countries that we do not want into our server. I just got one that I don't know what to do about:
    Code:
    5 failed login attempts to account com• ii (system) -- Large number of attempts from this IP: hoÞ•pò—¿Ë þ•í ä•Æ…ý•ørý•èrý•h¹ã• 
    It looks a little different in this editor than in my email but very similar. All the links to blacklist have this garbled "IP" appended.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You cannot block it then, since the IP isn't a legitimate IP to block. It's possible they are spoofing the IP in some manner, or that the IP simply didn't get properly logged.

    You can always check for the IP to see if the MySQL database shows a different entry in root SSH mysql command line:

    Code:
    mysql
    \u cphulkd
    select * from brutes;
    It should show all of the IPs that were logged for brute force attempts.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    How large is your list?
     
Loading...

Share This Page