
tons of mails with same IP blocked

Posted: 07 Nov 2008, 05:52
by Gizzmo
Hello,

I get a lot of mails (more than 200 this time) with the same IP blocked, like:

Time: Fri Nov 7 06:43:55 2008 +0100
IP: XXX.XXX.xXX.XXX
Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Yes

The IP is already blocked in csf. But it won't stop sending mails.

Any suggestion?

Regards Frank
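
Added example, not part of the original posts: one way to measure the repeat alerts described above is to parse saved alert bodies in the field layout quoted in the post and list every IP reported as "Blocked: Yes" more than once. The sample addresses and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: three alert mails in the layout quoted in the post above,
# using documentation-range addresses rather than real ones.
_ALERT = ("Time: {t} 2008 +0100\nIP: {ip}\nFailures: 5 (sshd)\n"
          "Interval: 300 seconds\nBlocked: Yes\n")
SAMPLE_ALERTS = "\n".join(_ALERT.format(t=t, ip=ip) for t, ip in [
    ("Fri Nov 7 06:43:55", "192.0.2.10"),
    ("Fri Nov 7 06:50:02", "198.51.100.7"),
    ("Fri Nov 7 06:51:40", "192.0.2.10"),
])

FIELD = re.compile(r"^\s*(Time|IP|Failures|Interval|Blocked):\s*(.*?)\s*$")


def parse_alerts(text):
    """Split concatenated alert bodies into one dict per alert."""
    alerts, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # mail headers, blank lines, signatures
        key, value = m.groups()
        if key == "Time" and current:  # "Time:" opens each alert
            alerts.append(current)
            current = {}
        current[key] = value
    if current:
        alerts.append(current)
    return alerts


def repeated_blocks(alerts):
    """Return {ip: (count, seconds from first to last alert)} for every IP
    reported as blocked more than once."""
    seen = defaultdict(list)
    for a in alerts:
        if a.get("Blocked", "").lower() != "yes" or not {"IP", "Time"} <= a.keys():
            continue  # skip unblocked or incomplete alerts
        seen[a["IP"]].append(datetime.strptime(a["Time"], "%a %b %d %H:%M:%S %Y %z"))
    return {ip: (len(ts), int((max(ts) - min(ts)).total_seconds()))
            for ip, ts in seen.items() if len(ts) > 1}


if __name__ == "__main__":
    for ip, (count, span) in repeated_blocks(parse_alerts(SAMPLE_ALERTS)).items():
        print(f"{ip}: {count} 'Blocked: Yes' alerts within {span}s")
```

An address that keeps reappearing here after its first "Blocked: Yes" alert is the one to check against the firewall's deny list.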

Posted: 07 Nov 2008, 09:31
by prabudh
Are you running SSH on the default port (22, not recommended)?

With so many failures I would certainly change the SSH port to a new one.

Posted: 07 Nov 2008, 09:55
by Gizzmo
Hello prabudh,

Yes, the port is 22. I need this for account transfers.
But why are so many mails sent if the IP is already blocked?
I think, if an IP is blocked, it could not / must not be blocked 100 times more?

Regards Frank

Posted: 07 Nov 2008, 10:10
by TDE
Gizzmo .... I also have the same thing occurring. I believe that the system is notifying us every time the IP in question attempts to access our servers and that the attempt was blocked. I have found that by entering the IP into the cPanel IP Deny Manager, the e-mails stop. Please, anyone else .... correct me if my assumptions are incorrect .... I am really very, very new to servers and am just trying to learn myself. :)

Posted: 07 Nov 2008, 15:27
by Gizzmo
Hi,

Now I stopped it by reinstalling csf. Looks like a problem with upgrading one of the last csf versions to a newer one. After I uninstalled csf and reinstalled it, there are no more multiple mails with the same IP.

Regards Frank

Posted: 07 Nov 2008, 20:26
by prabudh
Gizzmo, even if it's stopped you shouldn't be using port 22;
cPanel account transfers work fine even if you have SSH running on a non-standard port.

TDE, you should DENY any offending IP from Root WHM-->CSF--Deny IP

Blocking them from cPanel will only block them on your domain, not on SSH and other services.

Also try the Check Server Security button in CSF; it will help you guys lock more doors for hackers.

Posted: 08 Nov 2008, 17:14
by Gizzmo
Hello prabudh,

But if I set SSH to another port, I get the following error:

Connecting to Remote Server Failed: Unable to connect to XXX.XXX.XXX.XXX: port: Bad file descriptor

Regards Frank

Ok... Found my fail.. Have to open new port in and out at both servers ;-)

Posted: 11 Nov 2008, 05:58
by TDE
Thank you prabudh ... done and it's working! :D