Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
09-24-2011, 07:04 PM | #1 |
So Fucking Banned
Industry Role:
Join Date: Aug 2011
Location: Les Alpes, France
Posts: 1,423
|
Server with "infected" ip address?
Got a new dedicated server, with cPanel and cPHulk Brute Force Protection. Immediately after the server was connected to the web at the hosting provider I started getting these messages at least 10 times a day:
Large Number of Failed Login Attempts from IP * Does this mean they gave the server an IP address that has been used for a long time before and apparently is on some list of easy hackable servers or proxies or does it mean that these hackers are just randomly trying to hack into servers? I have another server with another hosting provider and not getting any cPHulk warnings from there. The problem is that during these attacks I can't login on my server myself and I can't whitelist my ip in cPHulk because I don't have a static ip or even ip range. |
09-24-2011, 07:20 PM | #2 |
Confirmed User
Industry Role:
Join Date: Jun 2011
Location: in the back room wanking
Posts: 2,024
|
dont use host gator
__________________
asiamoviepass.com |
09-24-2011, 07:23 PM | #3 |
Just Doing My Own Thing
Industry Role:
Join Date: Jan 2011
Location: London, Spain, New Zealand, GFY - Not Croydon...
Posts: 24,799
|
I am sure you will get much better ideas, but here is my 2cents.
Buy a cheap VPN - I had to do it the other day and hidemyass.com worked ok - That should at least give an IP range so you can whitelist it and see what the fuck is happening... Or, and I think this best, ask your host to sort it out or at least allocate a new IP. |
09-24-2011, 07:28 PM | #4 |
Junior Achiever
Industry Role:
Join Date: Nov 2004
Location: Walled Garden
Posts: 17,066
|
Don't worry about it. They are mostly just bots searching the web for easy targets. I get these messages almost daily.
|
09-24-2011, 07:32 PM | #5 |
Junior Achiever
Industry Role:
Join Date: Nov 2004
Location: Walled Garden
Posts: 17,066
|
Just saw the last part of your message. I haven't been locked out so I'm not sure what you should do.
|
09-24-2011, 07:37 PM | #6 |
BANNED
Industry Role:
Join Date: Oct 2004
Location: In Your Head
Posts: 23,437
|
You're Paul Markhams new friend. You should know by now that only he has the correct answers to the difficult questions.
__________________
If you don't like that Elon Musk bought twitter,... just build your own and stop crying about it. |
09-24-2011, 07:47 PM | #7 |
Confirmed User
Join Date: Oct 2002
Posts: 3,745
|
Servers at large provides that sell cookie cutter servers to DIY webmasters are common targets because the bad guys know that IP range has tons of servers that lack a qualified sysadmin. They know that the typical webmaster lacks the skills and motivation to do even significant hardening. New severs are particularly attractive because the default configuration is known and often includes weaknesses like default or empty passwords, php running suexec, etc.
Cphulk monitors several different daemons. Which are you getting a lot of notices for? Turn off any archives that you aren't using. For example, turn off pop3 if you aren't using your server to receive mail. For services other than smtp and http, you can switch them to use a port other than the default and that will greatly reduce brute force attacks. |
09-24-2011, 09:00 PM | #8 |
Junior Achiever
Industry Role:
Join Date: Nov 2004
Location: Walled Garden
Posts: 17,066
|
Yep. When I changed my SSH port I saw a 95% reduction.
|
09-24-2011, 11:00 PM | #9 |
Raise Your Weapon
Industry Role:
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,605
|
automated break in attempts happen all the time, just turn email notifications off.
|
09-25-2011, 01:24 AM | #10 |
Confirmed User
Join Date: May 2003
Location: Texas
Posts: 4,429
|
Msg me privately....My lil Nephew is a level4 Admin at GatorHoster.
|
09-25-2011, 01:29 AM | #11 |
Icq: 14420613
Industry Role:
Join Date: Mar 2001
Location: chicago
Posts: 15,419
|
lolololz
__________________
Need WebHosting ? Email me for some great deals [email protected] |
09-26-2011, 02:59 AM | #12 | |
So Fucking Banned
Industry Role:
Join Date: Aug 2011
Location: Les Alpes, France
Posts: 1,423
|
Quote:
What Raymor writes makes sense though, this is a self managed dedicated server in the biggest datacenter in Holland so it's part of a huge range of ip addresses connected to servers. I already planned to have a sys admin finetune and secure my servers, he'll start this week, after that I will turn notifications off and turn notification of succesful log-ins on, just in case, and I'll change the root password from 12345 into something more difficult Thanks for the help dudes, it's great to be on this site. |
|