Brute force attacks
Hi,
Problems with brute force attacks daily, using high memory
I looked at my logs - This message is normal?
Thanks
usr/local/cpanel/logs/error_log
[2014-10-24 16:03:44 -0200] info [cphulkd] cPHulk Notification => xxxxxxxxxxx via EMAIL [level => 1]
Duplicate logaccess: at cpsrvd-ssl line 3566
cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
Duplicate logaccess: at cpsrvd-ssl line 3566
cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at cpsrvd-ssl line 6015
cpanel::cpsrvd::connect_cphulkd() called at cpsrvd-ssl line 5477
cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
Duplicate logaccess: at cpsrvd-ssl line 3566
cpanel::cpsrvd::logaccess() called at cpsrvd-ssl line 3147
cpanel::cpsrvd::badpass(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, 1, __CPANEL_HIDDEN__, 1) called at cpsrvd-ssl line 6337
cpanel::cpsrvd::docheckpass_whostmgrd(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__, undef, __CPANEL_HIDDEN__, __CPANEL_HIDDEN__llM-CM-__CPANEL_HIDDEN__dfslkM-CM-__CPANEL_HIDDEN__dfs__CPANEL_HIDDEN__encrypted_pass__CPANEL_HIDDEN__', ...) called at cpsrvd-ssl line 5582
cpanel::cpsrvd::handle_form_login() called at cpsrvd-ssl line 1290
cpanel::cpsrvd::handle_one_connection() called at cpsrvd-ssl line 1152
cpanel::cpsrvd::script() called at cpsrvd-ssl line 438
94.102.xx.xxx - - [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:22 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:23 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:24 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"
94.102.xx.xxx - - [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 301 0 "" "" "-"
94.102.xx.xxx - admini [10/23/2014:13:49:25 -0000] "POST /login/?login_only=1 HTTP/1.1" 401 0 "" "" "-"-
Hello :) Internal case number 107785 is open to address the "Duplicate logaccess" error in the cPanel error log during certain failed login attempts. However, this message itself should not result in higher loads or memory usage on your system. You may want to implement a third-party firewall management utility such as CSF to help block those types of brute force attempts. Thank you. 0 -
Hello Michael, Thanks for the tip... I made some adjustments in CSF and now seems to work well :o 0
Please sign in to leave a comment.
Comments
2 comments