Solved

cPanel / WHM "Massive Amount of Failures from IP" notices. What should I do?

Posted on 2008-10-01
4
512 Views
Last Modified: 2012-05-05
I have a dedicated server. I use cPanel / Web Host Manager to administer it. cPanel is sending me scores of notices headed "Massive Amount of Failures from IP". The body of the message states "5 login failures attempts to account XXXXX (system) -- too many attempts from this ip" where XXXXX is, I assume, a potential user name such as  rhett.

I assume they haven't broken in yet, or else the messages would stop. I changed my server password about a week ago, and since then these attacks have dramatacally increased. Someone may have had access previously and is upset that they lost it. (or am I just being paranoid?)

How do I harden my system to make sure they don't break in? Since I have been targeted, is there any way to avoid the attack?

I am running REDHAT Enterprise 3 and using WHM 11.23.2 cPanel 11.23.6-R27698

I am a newbie at server administration, so I would appreciate the help of an experienced expert.

Thank you

Brian
0
Comment
Question by:birwin
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
Are the attempts coming from an internal, or external address?
Is the address the same or is it from multiple sources?
Can you block the IP address completely at the firewall?
0
 
LVL 9

Expert Comment

by:khaledf
Comment Utility
this could be the case, someone is trying a brute force attack to find the password.
you don't have to worry if your password is very stong. it will take them ages to break it.

the draw back is that these requests will slow your server.
0
 
LVL 9

Accepted Solution

by:
khaledf earned 500 total points
Comment Utility
also see if you have this log file here
/usr/local/cpanel/logs/cphulkd_errors.log

or somewhere else.

this means you are protected against brute force attacks
0
 
LVL 6

Author Closing Comment

by:birwin
Comment Utility
Thank you. I did have that file. My password uses both letters and numbers, so I think its solid.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now