WHM Invalid Root Login

Discussion in 'Security' started by Aceaid, Jan 13, 2015.

  1. Aceaid

    Aceaid Member

    Hi All,

    I had an error many have had, being locked out of root before you can whitelist IP.

    As my Server is new I rebuilt and this time enabled emails of attacks in CPHulk as lots of people on here felt that this was the issue.

    I have now got constant attempted access from Japan and China IPs. This is locking my root access so I cannot block them and/or whitelist me. Example cut of email below.

    5 failed login attempts to account root (system) -- Large number of attempts from this IP: 61.174.50.178

    Any ideas? I have currently disabled the server in case they do get in.

    Many thanks

    Adrian
     
  2. mageshm

    mageshm Well-Known Member

    @Aceaid,

    The purpose of cPHulk is to block brute-force attacks. We can't do anything, so it is better to change the root password often, and also disable direct root login and enable sudo users.
     
  3. Aceaid

    Aceaid Member

    Seems like a good idea, but sadly I cannot get in to do anything as all login attempts to my one current user, root, are being locked out.
     
  4. triantech

    triantech Well-Known Member

    @Aceaid,

    I would recommend that you install a firewall like CSF/LFD; it is capable of blocking the IPs which conduct a brute-force attack on your services, instead of blocking the actual account as cphulkd does.

    You can configure CSF in such a way as to block any IPs which make 5 login attempts that all fail within a time gap of, say, 300s. I have found this to be more effective than cphulkd.

    - - - Updated - - -

    @Aceaid,

    To add to this, you can change the port on which SSH is listening; most of the attacks from China are directed at the SSH service running on the custom port.
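
Added example, not part of any post in this thread: a sketch of the per-IP rule triantech describes (5 failed logins inside 300s), next to the per-account count that causes the root lockout. The log lines are constructed, and the function names and the 2015 year are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

THRESHOLD = 5    # failed logins from one IP (figure from the post)
WINDOW_S = 300   # within this many seconds (figure from the post)

# Constructed sshd-style lines; only 61.174.50.178 appears in the thread.
SAMPLE_LOG = """\
Jan 13 10:00:00 host sshd[101]: Failed password for root from 61.174.50.178 port 4001 ssh2
Jan 13 10:00:00 host sshd[102]: Failed password for root from 203.0.113.9 port 5001 ssh2
Jan 13 10:00:40 host sshd[103]: Failed password for root from 61.174.50.178 port 4002 ssh2
Jan 13 10:01:20 host sshd[104]: Failed password for root from 61.174.50.178 port 4003 ssh2
Jan 13 10:02:00 host sshd[105]: Failed password for root from 203.0.113.9 port 5002 ssh2
Jan 13 10:02:00 host sshd[106]: Failed password for root from 61.174.50.178 port 4004 ssh2
Jan 13 10:02:40 host sshd[107]: Failed password for root from 61.174.50.178 port 4005 ssh2
Jan 13 10:03:00 host sshd[108]: Failed password for root from 198.51.100.7 port 6001 ssh2
Jan 13 10:03:20 host sshd[109]: Accepted password for root from 198.51.100.7 port 6002 ssh2
Jan 13 10:04:00 host sshd[110]: Failed password for root from 203.0.113.9 port 5003 ssh2
Jan 13 10:06:00 host sshd[111]: Failed password for root from 203.0.113.9 port 5004 ssh2
Jan 13 10:08:00 host sshd[112]: Failed password for root from 203.0.113.9 port 5005 ssh2
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?(\S+) from ([\d.]+) ")

def failures(log_text, year=2015):
    """Yield (time, account, ip) for every failed-password line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield when, m.group(2), m.group(3)

def offending_ips(log_text):
    """Return {ip: time of the failure that crossed the per-IP threshold}."""
    recent, flagged = defaultdict(deque), {}
    for when, _account, ip in failures(log_text):
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > WINDOW_S:
            window.popleft()           # forget failures outside the window
        if len(window) >= THRESHOLD:
            flagged.setdefault(ip, when)
    return flagged

def failures_per_account(log_text):
    """Per-account totals: the view that locks out root whoever is guessing."""
    return Counter(account for _when, account, _ip in failures(log_text))
```

On the sample, only the fast source crosses the per-IP threshold, while the per-account total for root is high enough that an account-based lockout would also stop the legitimate admin at 198.51.100.7.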
     
  5. Aceaid

    Aceaid Member

    Thanks very much, I will research how to install and configure CSF.
     
  6. triantech

    triantech Well-Known Member

    @Aceaid,

    No problem, good luck :)
     
  7. keat63

    keat63 Well-Known Member

    Adrian.

    Sounds like you're new to this?
    I'm only about 6 weeks old myself, so not an expert, but have learnt a lot in 6 weeks.

    You can install csf from ssh access or KVM if you have this.
    When you've installed CSF and finally manage to get in, choose one of the default profiles.
    I chose high, then fine tune it even more when you learn your way around.
    CSF will be in test mode, so don't forget to enable it.
    It's really pretty straightforward.

    In WHM find host access control.
    Add your IP (or range of IPs if you're dynamic), and allow yourself access to WHM, FTP and SSHD.
    Deny "ALL" for the same.
    This will give your ip, and only your ip access to WHM, FTP and SSHD.
    If you know the IP of your server provider, add them to the allow list too.
    Also consider adding your home ip address/range as a fail safe.
    Let's assume you're using dynamic IPs at home, in the range 123.99.x.x, then add 123.99.0.0/255.255.0.0
    Each host entry will have a line each.

    Make sure the denies are at the bottom of the list.

    Consider closing port 22 in csf and move SSHD to a different port number, somewhere below port 1000.
    Again, a very easy simple edit.
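
Added example, not part of any post in this thread: a simplified model of why the deny entries belong at the bottom of the Host Access Control list. It assumes rules are read top-down with the first match winning (as TCP wrappers does for `hosts.allow`); the rule lists are constructed and the daemon names `sshd` and `whostmgrd` are assumptions.

```python
import ipaddress

# Constructed rules as (daemon, client, action); the range is the one in the post.
HOME = "123.99.0.0/255.255.0.0"
DENY_LAST = [
    ("sshd", HOME, "allow"),
    ("whostmgrd", HOME, "allow"),
    ("sshd", "ALL", "deny"),
    ("whostmgrd", "ALL", "deny"),
]
# Same entries with the denies moved to the top.
DENY_FIRST = DENY_LAST[2:] + DENY_LAST[:2]

def client_matches(pattern, ip):
    """True if ip is covered by 'ALL' or by a network/netmask pattern."""
    if pattern == "ALL":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def decide(rules, daemon, ip):
    """Return the action of the first rule matching (daemon, ip)."""
    for rule_daemon, pattern, action in rules:
        if rule_daemon in (daemon, "ALL") and client_matches(pattern, ip):
            return action
    return "allow"  # nothing matched: TCP wrappers grants access by default

def locked_out(rules, admin_ip, daemons=("sshd", "whostmgrd")):
    """List the services the administrator's own address can no longer reach."""
    return [d for d in daemons if decide(rules, d, admin_ip) == "deny"]

if __name__ == "__main__":
    for name, rules in (("deny last", DENY_LAST), ("deny first", DENY_FIRST)):
        print(name, "-> admin locked out of:", locked_out(rules, "123.99.45.6"))
```

Running `locked_out` against a candidate rule list with your own address before saving it catches the ordering mistake while you still have a session open.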
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
