Stopping a DDOS or Brute Force Attack
- Log into the server using Putty.
- Type cd /usr/local/cpanel/logs
- If that doesn’t get results, type cd /home/<username>/access_logs
- Type tail access_log
- This shows the last 10 log entries, including the IP address behind each one and what it did.
- If you want 20, for example, type tail -20 access_log
- Look for multiple access entries from the same IP address; specifically, look for IP addresses trying to get to wp-admin, wp-login.php files or email/SMTP logins.
- Go to Network Tools.
- Choose Network Lookup, enter the IP address, and click Go.
- Verify it is not an IP address that should be trying to access our system (e.g., Spectrum, PrimeLink, or another local provider).
- Go to WHM (see alternate directions if you cannot get there).
- Go to cPHulk Brute Force Protection.
- Click on Blacklist Management.
- Enter the IP address.
- Enter a comment, if desired – such as a date or why it was blacklisted.
- Click Add.
- Repeat for other IP addresses.
- Continue to monitor the access log.
If you cannot get to WHM
- Replace step 8 above with:
- Type /scripts/cphulkdblacklist 000.000.000.000, where the 000.000.000.000 represents the IP address you want to block.
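The log review step above (looking for repeated requests from one IP address to wp-login.php or wp-admin) can be done as a count instead of reading tail output by eye. This is an added example, not part of the original article; it assumes the Apache combined log format, and the function names, threshold and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count requests per client IP to WordPress login/admin paths in an
# access log (assumed: Apache combined log format).

# Constructed sample log lines using documentation IP ranges, not real traffic.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:00:02 -0500] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:00:04 -0500] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:00:06 -0500] "GET /about/ HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:00:07 -0500] "GET /wp-admin/admin.php HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:08 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:00:09 -0500] "GET /contact/ HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
EOF
}

# suspects [THRESHOLD]
# Reads an access log on stdin and prints "count ip", highest count first,
# for every IP with at least THRESHOLD (default 5) requests whose path
# contains /wp-login.php or /wp-admin.
suspects() {
    min="${1:-5}"
    awk -v min="$min" '
        # Combined log format: $1 is the client IP, $7 is the requested path.
        $7 ~ /\/(wp-login\.php|wp-admin)/ { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -rn
}

# Demo on the constructed sample. On the server, run from the log directory:
#   suspects 5 < access_log
sample_log | suspects 3
```

The IP addresses it prints are candidates for the Network Lookup step, not an automatic block list; a local provider's address can also show a high count.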