Server with "infected" ip address?
Got a new dedicated server, with cPanel and cPHulk Brute Force Protection. Immediately after the server was connected to the web at the hosting provider I started getting these messages at least 10 times a day:
Large Number of Failed Login Attempts from IP *
Does this mean they gave the server an IP address that has been used for a long time before and apparently is on some list of easily hackable servers or proxies, or does it mean that these hackers are just randomly trying to hack into servers? I have another server with another hosting provider and I'm not getting any cPHulk warnings from there. The problem is that during these attacks I can't log in on my server myself, and I can't whitelist my IP in cPHulk because I don't have a static IP or even an IP range. |
Don't use HostGator
|
I am sure you will get much better ideas, but here is my 2 cents.
Buy a cheap VPN - I had to do it the other day and hidemyass.com worked ok - That should at least give an IP range so you can whitelist it and see what the fuck is happening... Or, and I think this is best, ask your host to sort it out or at least allocate a new IP. |
Don't worry about it. They are mostly just bots searching the web for easy targets. I get these messages almost daily.
|
Just saw the last part of your message. I haven't been locked out so I'm not sure what you should do.
|
You're Paul Markham's new friend. You should know by now that only he has the correct answers to the difficult questions.
|
Servers at large providers that sell cookie cutter servers to DIY webmasters are common targets because the bad guys know that IP range has tons of servers that lack a qualified sysadmin. They know that the typical webmaster lacks the skills and motivation to do even significant hardening. New servers are particularly attractive because the default configuration is known and often includes weaknesses like default or empty passwords, PHP running suexec, etc.
cPHulk monitors several different daemons. Which are you getting a lot of notices for? Turn off any archives that you aren't using. For example, turn off pop3 if you aren't using your server to receive mail. For services other than smtp and http, you can switch them to use a port other than the default and that will greatly reduce brute force attacks. |
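Added example, not part of the thread: one way to answer "which daemons are you getting notices for" is to tally failed logins per service and source IP from the daemon logs. The log lines below are constructed samples in the usual sshd, Dovecot and Pure-FTPd formats (formats and paths on a given cPanel server are an assumption), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines using documentation IP ranges; not real traffic.
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[2211]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 10:01:15 host sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Mar  3 10:01:19 host sshd[2214]: Failed password for root from 198.51.100.7 port 51500 ssh2
Mar  3 10:02:01 host dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 6 secs): user=<info>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1
Mar  3 10:02:40 host pure-ftpd: (?@203.0.113.5) [WARNING] Authentication failed for user [admin]
Mar  3 10:03:02 host sshd[2230]: Accepted password for root from 192.0.2.44 port 50222 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for .* from " + IP),
    "pop3": re.compile(r"pop3-login: .*auth failed.*rip=" + IP),
    "ftp": re.compile(r"pure-ftpd: \(\?@" + IP + r"\) \[WARNING\] Authentication failed"),
}

def tally_failures(log_text):
    """Count failure log lines per service and per (service, source IP)."""
    per_service, per_source = Counter(), Counter()
    for line in log_text.splitlines():
        for service, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                per_service[service] += 1
                per_source[(service, match.group(1))] += 1
                break  # a line belongs to at most one service
    return per_service, per_source

def services_to_review(per_service, in_use):
    """Targeted services the admin does not use: candidates to turn off."""
    return sorted(s for s in per_service if s not in in_use)

if __name__ == "__main__":
    per_service, per_source = tally_failures(SAMPLE_LOG)
    for service, count in per_service.most_common():
        print(f"{service}: {count} failed-login lines")
    for (service, ip), count in per_source.most_common():
        print(f"  {service} {ip}: {count}")
    # Assumption for the demo: only SSH is actually needed on this server.
    print("targeted but unused:", services_to_review(per_service, {"ssh"}))
```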
Yep. When I changed my SSH port I saw a 95% reduction.
|
Automated break-in attempts happen all the time, just turn email notifications off.
|
Msg me privately....My lil Nephew is a level4 Admin at GatorHoster.
|
lolololz
|
Quote:
What Raymor writes makes sense though, this is a self-managed dedicated server in the biggest datacenter in Holland so it's part of a huge range of IP addresses connected to servers. I already planned to have a sysadmin fine-tune and secure my servers, he'll start this week, after that I will turn notifications off and turn notification of successful log-ins on, just in case, and I'll change the root password from 12345 into something more difficult :1orglaugh Thanks for the help dudes, it's great to be on this site. |