Skip to main content

Brute Force Attack Using Specific Server Services Usernames

Comments

3 comments

  • quizknows
    Since "system" usually means SSH, there's nothing to do with modsecurity unfortunately. If they were trying to log into your web applications with bogus usernames, that's something ModSecurity can help with. If the usernames don't exist on the system, it's really just an annoyance at that point. As long as you can still access your server(s) and it's not causing excess load on them, I'd just let cphulk and csf do their thing. It's probably just an automated botnet, I wouldn't lose any sleep over it.
    0
  • simcomedia
    Thanks for your response! I pretty much felt the same way, that it's just some bot bouncing around until it runs its course. However, I can't help but think that somehow some way they'll eventually have success even though the possibility is unlikely. Call it paranoia as we've been successfully hacked before and it sucked royally. So, if there's no real way to protect the 'system' with the exceptions of brute force prevention, CSF and also we've deployed the Host Access Control in WHM, then we'll just have to let those do the work.
    0
  • cPanelMichael
    Hello :) Yes, I suggest simply letting CSF and cPHulk do their jobs, as quizknows suggested. Note that while unrelated to this specific concern, you can review some of the new features planned for cPHulk in cPanel version 11.48 at: cPHulkd to better mitigate Brute Force Attacks | cPanel Feature Requests Thank you.
    0

Please sign in to leave a comment.