Too many messages Brute Force - Excessive number of failed login attempts
Hello,
I have cPanel & WHM version v98.0.9. Since yesterday morning I have received 3500 messages in total, and messages keep coming. How can I prevent this attack?
Best regards,
Elizabeta
One more piece of information: the Authentication Database is mail. I saw in the Brute Force attack messages that the mail addresses they attempt to hack do not even exist on cPanel?? BR
Hello, One of our users on cPanel has the autodiscover option activated on the DNS record in cPanel, but does not host mail on cPanel. We noticed that a lot of emails (Brute force attack - Excessive number of failed login) come for mail addresses from that user. How to stop it? Br, Elizabeta
Hey there! Could you post an example of one of the messages you're getting? Please remove any personal information, such as the email or IP address, but we'd need to see one of those messages in order to provide you with good information on how to solve the issue.
Hello, Here the attack simply stopped after three days. There aren't as many messages like this anymore. A picture of this mail is attached. Best regards, Elizabeta
Hello, Yes, it was a kind of attack. cPHulk was enabled and set up correctly, so we survived :-)
These attackers may be able to use hundreds or even thousands of different IPs, so when one is blocked they use the next, and so on... If the password is not strong they might eventually get it.
I'm happy to hear that! Never hesitate to reach out if you run into issues.
Thank you! Best regards, Elizabeta
Hello, My server has been under attack for more than 4 weeks now. The attack is a brute force attack against IMAP services. My firewall (CSF & LFD) is running and blocking them, but I had to deactivate the email notifications (more than 300 emails were sent per hour). cPHulk is also active. This afternoon, my LFD service crashed two times (xtables lock problem). Is there anything I can do to moderate this attack and keep LFD from crashing? Thank you for your help, Guy
@tirliton - if the attack is that large, it would be best to work with your hosting provider or datacenter to see if they can perform some mitigation techniques at the network level so the traffic never even reaches your machine.