Skip to main content

WHM Invalid Root Login

Aceaid
Hi All, I had an error many have had, being locked out of root before you can whitelist IP. As my Server is new I rebuilt and this time enabled emails of attacks in CPHulk as lots of people on here felt that this was the issue. I have now got constant attempted access from Japan and China IPs. This is locking my root access so I cannot block them and/or whitelist me. Example cut of email below. 5 failed login attempts to account root (system) -- Large number of attempts from this IP: 61.174.50.178 Any ideas? I have currently disabled the server in case they do get in. Many thanks Adrian

Comments

7 comments

Date Votes
  • mageshm
    @Aceaid, Purpose of CPHulk is to block brute force attack. We can't do anything so better change the root password often also disable direct root login and enable sudo users.
    0
  • Aceaid
    Seems like a good idea but sadly I cannot get in to do anything as all login attempts to my one current user, root are being locked out.
    0
  • triantech
    @Aceaid, I will recommend you to install a firewall like CSF/lFD, it is capable of blocking the IPs which conduct a brute-force attack to your services instead of blocking the actual account done by cphulkd. You can configure CSF in such a way as to block any IPs which attempt 5 login attempts and they all fail within a time gap of, say 300s. I have found this to be effective than cphulkd. [COLOR="silver">- - - Updated - - - @Aceaid, To add to this, you can change the port on which SSH is listening to, most of the attacks from china are directed at SSH service running on the custom port.
    0
  • Aceaid
    Thanks very much, I will research how to install and configure CSF.
    0
  • triantech
    @Aceaid, No problem, good luck :)
    0
  • keat63
    Adrian. Sounds like you're new to this. ? I'm only about 6 weeks old myself, so not an expert, but have learnt a lot in 6 weeks. You can install csf from ssh access or KVM if you have this. When you've installed CSF and finally manage to get in, choose one of the default profiles. I chose high, then fine tune it even more when you learn your way around. CSF will be in test mode, so don't forget to enable it. It's really pretty straight forward. In WHM find host access control. Add your IP (or range of IP's if your'e dynamic), and allow yourself access to WHM, FTP and SSHD. Deny "ALL" for the same. This will give your ip, and only your ip access to WHM, FTP and SSHD. If you know the IP of your server provider, add them to the allow list too. Also consider adding your home ip address/range as a fail safe. Lets assume your'e using dynamic ip's at home, in the range 123.99.x.x, then add 123.99.0.0/255.255.0.0 each host entry will have a line each. Make sure the deny's are at the bottom of the list. Consider closing port 22 in csf and move SSHD to a different port number, somewhere below port 1000. Again, a very easy simple edit.
    0
  • cPanelMichael
    Hello :) I suggest whitelisting your IP address right after the cPanel installation if you are using cPHulk so that access to "root" is not locked out. Note that you can review some of the new features planned for cPHulk in cPanel version 11.48 at: [url=http://features.cpanel.net/responses/as-a-server-administrator-i-want-cphulkd-to-better-mitigate-brute-force-attacks-so-that-i-can-enhance-security-on-my-system]cPHulkd to better mitigate Brute Force Attacks | cPanel Feature Requests Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post