SOLVED Too many messages Brute Force - Excessive number of failed login attempts

Elizabeta

Well-Known Member
Mar 21, 2018
251
35
28
Mostar
cPanel Access Level
Root Administrator
Hello,

I have a cPanel&WHM version v98.0.9. From yesterday morning I have in total 3500 messages and messages keep coming. How to prevent this attack??

Best regards,
Elizabeta
 

Elizabeta

Well-Known Member
Mar 21, 2018
251
35
28
Mostar
cPanel Access Level
Root Administrator
One more info: Authentication Database is mail. I saw in message from Brute force attack

Mails that are attempted to be hacked do not even exist on cPanel??

BR




 

Elizabeta

Well-Known Member
Mar 21, 2018
251
35
28
Mostar
cPanel Access Level
Root Administrator
Hello,

One of our users on cPanel has the autodiscover option activated on the dns record in cpanel, but does not host mails on cpanel.
We noticed that a lot of emails (Brute force attack-Excessive number of failed login) come for mail addresses from that user..
How to stop it?

Br,
Elizabeta
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
Hey there! Could you post an example of one of the messages you're getting? Please remove any personal information, such as the email or IP address, but we'd need to see one of those messages in order to provide you with good information on how to solve the issue.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
623
59
103
Houston, TX
cPanel Access Level
Root Administrator
Hello,

It sounds like your server was undergoing some type of bruteforce attack. I would suggest making sure your server's firewall is blocking these attempts. It will also help to make sure cPHulk is functioning.

 

quietFinn

Well-Known Member
Feb 4, 2006
1,394
181
193
Finland
cPanel Access Level
Root Administrator
These attackers may be able to use hundreds or even thousands of different IP's, so when one is blocked they use next, and so on...
If the password is not strong they might eventually get it.