cPanel / WHM "Massive Amount of Failures from IP" notices. What should I do?
Posted on 2008-10-01
I have a dedicated server. I use cPanel / Web Host Manager to administer it. cPanel is sending me scores of notices headed "Massive Amount of Failures from IP". The body of the message states "5 login failures attempts to account XXXXX (system) -- too many attempts from this ip" where XXXXX is, I assume, a potential user name such as rhett.
I assume they haven't broken in yet, or else the messages would stop. I changed my server password about a week ago, and since then these attacks have dramatically increased. Someone may have had access previously and is upset that they lost it. (Or am I just being paranoid?)
How do I harden my system to make sure they don't break in? Since I have been targeted, is there any way to avoid the attack?
I am running REDHAT Enterprise 3 and using WHM 11.23.2 cPanel 11.23.6-R27698.
I am a newbie at server administration, so I would appreciate the help of an experienced expert.