The Planet Forums > Brute Force Warning Against ThePlanet

Full Version: Brute Force Warning Against ThePlanet

The Planet Forums > Security > Firewalls

ckh

Feb 15 2005, 08:46 AM

Just got a couple of brute force warnings in my email this morning. Same IP from thePlanet, but a reserved IP so it's not assigned to anyone.

Not sure why it's happening, upgraded to cPanel R85 last night. I'm guessing it has something to do with the monitoring service provided by thePlanet/SM. Has quite a few login attempts with the user being Russ on both instances.

The remote system 186.69-93-137.reverse.theplanet.com was found to have exceeded acceptable login failures on serv-2.lotsmorehosting.net. As such the attacking host has been banned from further accessing this system; for the integrity of your host you should investigate this event as soon as possible.

The following are event logs for exceeded login failures from 186.69-93-137.reverse.theplanet.com (all time stamps are GMT -0700):
----
- Executed actions:
/etc/apf/apf -d 186.69-93-137.reverse.theplanet.com

Chris

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.