My Server is Under attack!

**Matt01** · 06-07-2011, 19:12

For the last hour or so ive been able to try and get Hostbill communicate with WHM but its been giving me an error so i raised a ticket, but after a while i tried to log in to WHM and it said that its been locked because of a brute forcer
I said this in the ticket and the support operator blamed me for trying to log in with the wrong password, this is not possible because i use a firefox plugin called LastPass, it keeps all logins of websites secure and supposed to log me in automatically, it does work....

the operator posted the log and closed the ticket, i dont really know what to do now because i dont want my account to keep being locked, because i think this is the reason why Hostbill cannot communicate with WHM because it has to log in to create the account.

+-------------------------------------------------+---------------------------------------------------------------------------------------------------+
| IP | NOTES | BRUTETIME | EXPTIME |
+-------------------------------------------------+---------------------------------------------------------------------------------------------------+

| 59.14.104.190 | 30 failed login attempts to account zabbix (system) -- Large number of attempts from this IP: 59.14.104.190 | 2011-07-05 05:54:15 | 2011-07-19 05:54:15 |

| 113.59.121.165 | 30 failed login attempts to account postgres (system) -- Large number of attempts from this IP: 113.59.121.165 | 2011-07-05 06:25:24 | 2011-07-19 06:25:24 |

| 173-165-81-217-illinois.hfc.comcastbusiness.net | 30 failed login attempts to account root (system) -- Large number of attempts from this IP: 173-165-81-217-illinois.hfc.comcastbusiness.net | 2011-07-05 07:50:49 | 2011-07-19 07:50:49 |

| 69.144.198.212 | 30 failed login attempts to account server (system) -- Large number of attempts from this IP: 69.144.198.212 | 2011-07-06 16:06:51 | 2011-07-20 16:06:51 |

| 173.231.28.153 | 30 failed login attempts to account root (system) -- Large number of attempts from this IP: 173.231.28.153 | 2011-07-06 17:52:45 | 2011-07-20 17:52:45 |

| 200.37.170.157 | 30 failed login attempts to account public (system) -- Large number of attempts from this IP: 200.37.170.157 | 2011-07-06 19:07:26 | 2011-07-20 19:07:26 |

| 200.29.111.110 | 30 failed login attempts to account public (system) -- Large number of attempts from this IP: 200.29.111.110 | 2011-07-06 19:38:30 | 2011-07-20 19:38:30 |

------------------------------------------------------------------------------------------+---------------------+---------------------+

my IP address is 94.169.70.62

**Kieran** · 06-07-2011, 20:15

Hi.

I'm looking into this now. I will investigate the issue further and update you in the ticket AOR-494-25224.

Regards,
Kieran A.

**Matt01** · 06-07-2011, 20:59

Thanks im waiting to hear back

**Kieran** · 07-07-2011, 02:46

Hi.

I have replied your ticket : AOR-494-25224. Please update us in the same ticket if you have any doubt.

Regards,
Kieran.

**Matt01** · 07-07-2011, 09:32

I've replied and i would appreciate if you stopped pointing fingers at me, these IP's are originating from Peu, Colombia, US and they have nothing to do with my firefox plugin, it has a 5* review on the plugin website and all it does it auto fills fields, it does not communicate with any servers, has outgoing or incomming traffic.

I'm very unhappy with this, it seems the only option you have is to blame the plugin... ie me.

latest email... while i was IN BED.

5 failed login attempts to account root (system) -- Large number of attempts from this IP: 199.115.229.209
Origin Country: United States (US)

**Matt01** · 07-07-2011, 09:36

And this one i just found in my junk folder from last night while i was offline

5 failed login attempts to account root (system) -- Large number of attempts from this IP: 218.61.38.11
Origin Country: China (CN)