Malicious attack on a website on cPanel

Answered

Elizabeta

• May 21, 2025 10:22

Hello,

Yesterday there was a malicious attack on our cPanel user.
Load was very high, CPU 99%...
There was many IP addresses in processes....
How can I block such IP addresses that are attacking the user?

Best regards,
Elizabeta

• 

  cPRex Jurassic Moderator

  • May 21, 2025 13:42

  Hey hey!  The severity of the attack will determine what options you have.  For a smaller attack you could use a tool like mod_evasive to help handle that traffic:

  https://support.cpanel.net/hc/en-us/articles/360053581353-How-to-install-mod-evasive

  For larger attacks consuming a large amount of bandwidth it would be best to get your hosting provider or external services involved:

  https://support.cpanel.net/hc/en-us/articles/360051121953-What-should-I-do-if-my-server-is-experiencing-DDoS

  0
• 

  Elizabeta

  • May 22, 2025 13:45

  Hello,
  
  cPRex thank you for your email!
  
  I have just one question, If I install Apache module ea-apache24-mod_evasive
  https://support.cpanel.net/hc/en-us/articles/360053581353-How-to-install-mod-evasive
  "Mod_evasive keeps track of how many times an IP address requests a resource on your sites, if someone makes too many requests a 403 error will return."

  Will this possibly increase additionally  the CPU, load when we return 403 error?
  
  Best regards!

   

  0
• 

  cPRex Jurassic Moderator

  • May 22, 2025 15:49

  No - what's is saying is that if you're doing testing or if there is a popular page that someone frequently refreshes for the newest data (as in, several times within a few seconds) that user could be presented with a temporary 403 error as mod_evasive blocks them.

  0
• 

  Elizabeta

  • May 27, 2025 10:36

  Hello,
  
  Thank you cPRex for your help!
  
  Best regards,
  Elizabeta

  0
• 

  cPRex Jurassic Moderator

  • May 27, 2025 14:25

  Sure thing!

  -1

Please sign in to leave a comment.