Repeated brute force attempts to login to my server ,Is this normal ?

Portal Home > Knowledgebase > Articles Database > Repeated brute force attempts to login to my server ,Is this normal ?

Posted by Tonyit, 08-09-2013, 03:18 AM
There are 90 attempts to login to my server between 2013-08-07 21:35:22 to 2013-08-08 22:23:46 what is happening . IPs from china and i found a some name @indiangiftbazaar.com email and (i lost the name) i can 100% sure i never visited this indian website (i'm italian and my websites is italian and i don't know whats going on) brute force ips are 113.107.101.234 (china) 184.22.29.10 (US) 14.63.160.144 (korea) 42.120.43.47 (china) I'm worrying too much ? that server is not hosting anything so i don't understand what they trying to do ? should i contact hosting company (100tb)? How i find complete login failed and succeeded ip logs in WHM ?
Posted by QuickClickHosting, 08-09-2013, 03:36 AM
Well, not sure if its normal for everyone, but we have brute force attacks (and other attacks)all the time.. CSF normally sorts them out and bans them, we do not worry about them.
Posted by Louis - SiteMyWeb, 08-09-2013, 04:50 AM
We get a few but yeah brute force sorts them out and if customer contacts us saying they can't get access we just whitelist their IP otherwise, otherwise the list thats blocked stays as it is.
Posted by BestServerSupport, 08-09-2013, 10:55 AM
CSF as a firewall will be the best option to prevent this kind of attacks coming to your server. If you are using cPanel/WHM in your server then there is a plugin available for it which makes it easier to manage CSF from cPanel/WHM.