Large Number of Failed Login Attempts

marsm

• April 10, 2014 06:31

In recent weeks/months, I've been getting a lot of messages like this: 5 failed login attempts to account XXXX (pop3) -- Large number of attempts from this IP: XX.XX.XX.XX Reverse DNS: XX-XX-XX-XXXX.net Origin Country: United Kingdom (GB) While cpanel is clearly catching these, I have discovered that some people have been able to "get through" and have been using our server to send out emails in the form of large mailing lists. Because of this, our server has now been hit with multiple blacklists which is extremely frustrating. My questions are: 1. How can we better protect ourselves to prevent dodgy people out there using our SMTP to fire our email/spam? 2. What's the process to getting ourselves whitelisted (from an email perspective)? Any help and advice would be greatly appreciated. Regards, Mars

• 

  cPanelMichael

  • April 10, 2014 12:41

  Hello :) The first step you should take is to require that your users and their email accounts use strong passwords that are not easily brute forced. Also, the following document provides some tips on preventing email abuse: cPanel - Prevent Email Abuse The whitelist process varies with each remote mail server. You will need to review each remote mail server that has blocked your server to determine what steps are necessary. Thank you.

  0
• 

  marsm

  • April 10, 2014 13:05

  Hmm... I have most of the things activated that have been covered in the document... passwords on our email are strong. Will keep monitoring things.

  0

Please sign in to leave a comment.