Cphulk - not blocking "[WARNING] Sorry, cleartext sessions and weak ciphers" IPs
My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE:
pure-ftpd: (?@154.89.5.82) [INFO] New connection from 154.89.5.82
pure-ftpd: (?@154.89.5.82) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please r
Sometimes I'll manually block it as Cphulk doesn't appear to do anything with them.
1. Is there a way to have Cphulk block this?
If not, I see others have installed fail2ban as a secondary measure for things that CPhulk doesn't cover?
2. Is that still the acceptable method?
I've used fail2ban on other servers, but not cPanel.
3. Do the two play ok together?
I'd assume so it's just another log monitor with additional rules, cpanel has an article about installing it (simple), which I'd figured if there was an issue they'd mention it there.
Thank you,
-sactobob
-
Hello! cPHulk can prevent logins to various cPanel-related services, but won't necessarily stop FTP login attempts like this. It should be possible to use something like fail2ban or CSF firewall; both are known to work fine with cPHulk. Please note that we do not support CSF or fail2ban at cPanel; they have plugins that should work, but we cannot guarantee this. 0 -
I tried CSF once a few years ago and it decided it was too much for me. I've used fail2ban on several other servers and it's fairly straight forward. I'll see about installing that. Thanks for the reply and advise. -Bob 0
Please sign in to leave a comment.
Comments
2 comments