Many failed logins

October 13, 2019

Recently, you may have noticed many failed login attempts in your logs, for account names you have never seen before.

As long as your servers are connected to the internet, they are bound to attract this type of failed login traffic, known as brute-force attacks. These attacks usually target a default port, or a port used by your users on which you cannot apply restrictions, or only minimal ones.

Why do you see these ports so often? Port 22 for remote SSH; ports 25, 110, 143 and 587 for email; ports 8880 and 8443 used by Plesk; ports 2082, 2083, 2086, 2087, 2092 and 2093 used by cPanel; port 21 for FTP; ports 80 and 443 for the web server. A port like 22, used by SSH, can be changed to another port number to avoid this, and we encourage you to do so.

However, most ports you cannot change, as they are the defaults on which these services are expected to be delivered. Hence you keep seeing failed login attempts from attackers trying to steal your credentials and gain access to your account.

The key is a strong password. If you have a cPanel or Plesk control panel, you can enforce a higher password strength for your users. This is a must, and it is the primary security practice for end users. With a strong password, you make these malicious attempts very difficult.

If you have fully managed hosting, you can ask the hosting support team to implement a third-party solution to block these attacks. However, this problem most often affects users on basic managed or self-managed packages, where hosting providers will not support third-party solutions. You can either do it yourself with resources available on the internet, or pay someone to get it done.

There are also applications or functions from the control panel makers. For Plesk you can install fail2ban, and cPanel has cPHulk. The problem is that fail2ban and cPHulk are not bulletproof solutions; very often users start to have login problems with these two applications.

This happens in two types of situation: you are a shared hosting user, or an office has many users sharing the network through the same router. Most users do not have a static IP on their internet connection, so it is not possible to grant access to that IP. Hence, if you have 50 coworkers in the office, it only takes one user to key in a wrong password for his or her mailbox, or to access the server from a computer with a backdoor. Since everyone shares the same public IP address, as soon as that IP address is blocked, he or she has paralyzed email sending and receiving for the remaining 49 users.

Thus we must strike a balance between the two. There are pros and cons either way. Ultimately, a strong password is the solution. If you insist on having such protection, you must have a static IP on your internet connection, and those are more expensive.
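To make the shared-IP problem concrete, here is an added example (not from the original post or from fail2ban itself) that applies a fail2ban-style per-IP ban threshold to constructed sshd log lines, with and without a whitelist like fail2ban's `ignoreip` option. The addresses and usernames are assumptions: 198.51.100.7 plays a scanner and 203.0.113.10 plays an office's static public IP behind which one coworker mistypes a password.

```python
import re
from collections import Counter, defaultdict

# Constructed sshd log lines in /var/log/auth.log format (not from the original
# post). 198.51.100.7 plays a brute-forcer; 203.0.113.10 plays an office NAT
# address behind which alice mistypes her password while bob logs in correctly.
SAMPLE_LOG = """\
Oct 13 08:01:02 host sshd[101]: Failed password for invalid user admin from 198.51.100.7 port 4010 ssh2
Oct 13 08:01:03 host sshd[102]: Failed password for invalid user oracle from 198.51.100.7 port 4011 ssh2
Oct 13 08:01:05 host sshd[103]: Failed password for root from 198.51.100.7 port 4012 ssh2
Oct 13 08:01:09 host sshd[104]: Failed password for invalid user test from 198.51.100.7 port 4013 ssh2
Oct 13 08:01:10 host sshd[105]: Failed password for invalid user guest from 198.51.100.7 port 4014 ssh2
Oct 13 09:15:01 host sshd[201]: Failed password for alice from 203.0.113.10 port 50111 ssh2
Oct 13 09:15:04 host sshd[202]: Failed password for alice from 203.0.113.10 port 50112 ssh2
Oct 13 09:15:07 host sshd[203]: Failed password for alice from 203.0.113.10 port 50113 ssh2
Oct 13 09:15:10 host sshd[204]: Failed password for alice from 203.0.113.10 port 50114 ssh2
Oct 13 09:15:13 host sshd[205]: Failed password for alice from 203.0.113.10 port 50115 ssh2
Oct 13 09:16:00 host sshd[206]: Accepted password for bob from 203.0.113.10 port 50116 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+(?:\.\d+){3})")

def failed_logins(log_text):
    """Return (user, ip) pairs for every failed-password line, in log order."""
    matches = (FAILED_RE.search(line) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def banned_ips(log_text, maxretry=5, ignoreip=()):
    """fail2ban-style policy: ban every source IP with at least `maxretry`
    failures unless it is whitelisted in `ignoreip`. Returns the set of
    banned IPs; usernames play no part, which is the root of the NAT problem."""
    per_ip = Counter(ip for _, ip in failed_logins(log_text))
    return {ip for ip, n in per_ip.items() if n >= maxretry and ip not in ignoreip}

def distinct_users(log_text):
    """Number of different usernames tried from each IP: a scanner cycles
    through many names, while a coworker usually fails on a single account."""
    names = defaultdict(set)
    for user, ip in failed_logins(log_text):
        names[ip].add(user)
    return {ip: len(users) for ip, users in names.items()}

if __name__ == "__main__":
    office = "203.0.113.10"
    print("banned, no whitelist:  ", sorted(banned_ips(SAMPLE_LOG)))
    print("banned, office ignored:", sorted(banned_ips(SAMPLE_LOG, ignoreip=(office,))))
    print("distinct users per IP: ", distinct_users(SAMPLE_LOG))
```

With the default threshold the office address is banned alongside the scanner, cutting off bob as well; whitelisting the office's static IP is what keeps the ban limited to the scanner, which is why the post ties this protection to having a static IP.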

Before I go: cPHulk will not work in a VPS virtualized with Virtuozzo or OpenVZ. cPanel has decided not to support this type of virtualization because the iptables settings are inconsistent across providers.