Portal Home > Knowledgebase > Articles Database > Large Number of Failed Login from server ITSELF
Large Number of Failed Login from server ITSELF
Posted by astraeuz, 06-19-2011, 02:22 PM |
Hi,
I've enable cPHulk Brute Force Protection on the server so it notifies me of the suspicious activity.
BUT, what made me worry is that the email I received mentions that the failed login attempt was made from the server itself and no mention of the IP address...
------------------------------------------------------------
Subject: Large Number of Failed Login Attempts from IP christopher
Msg Body: 2 failed login attempts to account christopher (system) -- Large number of attempts from this IP: christopher (no IP)
Reverse DNS: www.serveraddr.com
------------------------------------------------------------
can someone comment on what could be the issue?
|
Posted by wartungsfenster, 06-19-2011, 02:56 PM |
Does it say that "2" is a large number of bad logins?
|
Posted by RadicalBro-Dylan, 06-19-2011, 02:56 PM |
Hi,
That happened to me once, I never found out what the problem was. Maybe a website pinging it? - Im not too sure
Dylan,
RadicalBro
|
Posted by cpanellover, 06-19-2011, 03:30 PM |
that is WHM bruteforce(cpHulkd) protection but your thresshold seems a bit tight use something like logcheck that will give you more information you can configure that in whm security...
|
Posted by linuxtechz, 06-20-2011, 05:17 AM |
Hey ,
Check your cpanel and message log files at /usr/local/cpanel/logs/login_log and /var/log/messages to see failed login attempts . Its possible to have a php shell uploaded and then trying to do dictionary attack to the server for which it might say the host as localhost in this case as you have mentioned.
|
Add to Favourites Print this Article
Also Read
cliff support (Views: 632)