Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 525
  • Last Modified:

cPanel / WHM "Massive Amount of Failures from IP" notices. What should I do?

I have a dedicated server. I use cPanel / Web Host Manager to administer it. cPanel is sending me scores of notices headed "Massive Amount of Failures from IP". The body of the message states "5 login failures attempts to account XXXXX (system) -- too many attempts from this ip" where XXXXX is, I assume, a potential user name such as  rhett.

I assume they haven't broken in yet, or else the messages would stop. I changed my server password about a week ago, and since then these attacks have dramatacally increased. Someone may have had access previously and is upset that they lost it. (or am I just being paranoid?)

How do I harden my system to make sure they don't break in? Since I have been targeted, is there any way to avoid the attack?

I am running REDHAT Enterprise 3 and using WHM 11.23.2 cPanel 11.23.6-R27698

I am a newbie at server administration, so I would appreciate the help of an experienced expert.

Thank you

Brian
0
birwin
Asked:
birwin
  • 2
1 Solution
 
RowleyCommented:
Are the attempts coming from an internal, or external address?
Is the address the same or is it from multiple sources?
Can you block the IP address completely at the firewall?
0
 
khaledfCommented:
this could be the case, someone is trying a brute force attack to find the password.
you don't have to worry if your password is very stong. it will take them ages to break it.

the draw back is that these requests will slow your server.
0
 
khaledfCommented:
also see if you have this log file here
/usr/local/cpanel/logs/cphulkd_errors.log

or somewhere else.

this means you are protected against brute force attacks
0
 
birwinAuthor Commented:
Thank you. I did have that file. My password uses both letters and numbers, so I think its solid.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now