New on LowEndTalk? Please Register and read our Community Rules.
Comments
.htaccess
A combination of .htaccess + CSF does a good trick to protect software from attacks.
If you have root access, Fail2ban or CSF Portflood will do the job of stopping a brute-force attack. As said above, you can block those IPs via .htaccess.
Block access to WHMCS from all IPs, except your own, with .htaccess
If your IP is not static:
OR
If your website is behind something like Cloudflare, make sure you are getting the real user's IP.
Get CSF ASAP and also use brute-force detection (CPHulk). Those 2 will help you a LOT!! If you need configuration help, let us know. I'm sure any of us here will be able to provide free advice!! Good luck :-)
Are customers going to login from mars?
Well spoken.
But: I'm afraid wifi connectivity on mars is poor.
Wait, are we talking about the WHMCS admin panel or regular whmcs login? ooops
Can't you just add recaptcha to it?
My problem is the client area login, not the admin login.
How do I add reCAPTCHA on the client area login?
Go to Setup >> General Settings, select the Security tab, choose the reCAPTCHA Captcha Type radio button, and enter the public and private keys supplied by Google.
Captcha is only on domain search, not on client login.
I have activated it before.
How many IPs are trying to brute force? Try to block them one by one or by subnet range with .htaccess.
Bruteforce attempts are super common, you have bots and botnets scouring the web looking for a vulnerable server/wordpress/cpanel/whmcs/etc at all hours every day of the year every year. This is the most common thing ever. My new server just had 600+ SSH login attempts before I even had a chance to change the SSH port. It is just a cost of running a server.
As others mentioned, CSF is critical. CSF is super easy to install, get that ASAP. Adjust the CSF config file to your liking. I keep a larger IP pool than it says. Also CPHulk helps too if you are on cPanel. But watch out because CPHulk can lock you out of your server if you aren't careful. e.g. you changed your root pass and forgot to update FileZilla, then you logged into FileZilla and guess what, CPHulk banned your IP. The only way in is through a different IP then; you can then use a VPN or your cell phone data plan to get in from another IP. Tor works too although more dangerous.
CSF and CPHulk together can fight brute force effectively. You may block ranges of IPs if they are from a specific country. In the firewall, you may also set a connection limit per IP: for example, if any particular IP has established more than 100 connections on a particular port, it will be blocked by the firewall for the next few hours.
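The per-IP failure counting that Fail2ban or CSF do for you (mentioned a few posts up), together with the point about seeing the real client IP behind Cloudflare, shown as an added example; this is not code from this thread, from Fail2ban or from CSF. It assumes a custom Apache LogFormat whose last field is the CF-Connecting-IP header, and that a failed WHMCS client-area login shows up as a POST to /clientarea.php answered with a 302 redirect; both are assumptions made for the example, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed Apache LogFormat assumed here: %h %l %u %t "%r" %>s %b "%{CF-Connecting-IP}i"
# The last field is the real client IP when Cloudflare fronts the site ("-" otherwise).
LINE_RE = re.compile(r'^(?P<h>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                     r'(?P<status>\d{3}) \S+ "(?P<cfip>[^"]*)"$')
# Assumption: a failed client-area login is a POST to /clientarea.php answered with a 302.
FAIL_RE = re.compile(r'^POST /clientarea\.php')
MAXRETRY, FINDTIME = 5, 600  # fail2ban-style threshold: 5 failures within 10 minutes

def parse_failure(line):
    """Return (client_ip, timestamp) for a failed-login line, else None."""
    m = LINE_RE.match(line)
    if not m or m['status'] != '302' or not FAIL_RE.match(m['req']):
        return None
    # Key on the proxied client IP, never the Cloudflare edge address, or one
    # brute-forcer would get every customer coming through that edge banned.
    ip = m['cfip'] if m['cfip'] not in ('', '-') else m['h']
    return ip, datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')

def offenders(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding-window failure count per client IP; returns the IPs to block."""
    window, banned = defaultdict(deque), set()
    for line in lines:
        ev = parse_failure(line)
        if ev is None:
            continue
        ip, ts = ev
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:  # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned.add(ip)
    return banned

# Constructed sample: 6 failures from one client behind Cloudflare, one legitimate
# typo, one normal page view, then 5 direct (unproxied) failures from another host.
def _fail(h, t, cf='-'):
    return f'{h} - - [10/Oct/2023:13:{t} +0000] "POST /clientarea.php HTTP/1.1" 302 0 "{cf}"'

SAMPLE_LOG = [_fail('203.0.113.10', f'55:{s:02d}', '198.51.100.7') for s in range(0, 60, 10)]
SAMPLE_LOG += [_fail('203.0.113.10', '56:30', '192.0.2.5'),
               '203.0.113.10 - - [10/Oct/2023:13:57:00 +0000] "GET /clientarea.php HTTP/1.1" 200 5120 "192.0.2.5"']
SAMPLE_LOG += [_fail('198.51.100.8', f'58:{s:02d}') for s in range(0, 50, 10)]
print(offenders(SAMPLE_LOG))  # {'198.51.100.7', '198.51.100.8'}
```

The Cloudflare edge address 203.0.113.10 never appears in the result, which is the behaviour you want before feeding a list like this to CSF; shrinking findtime to 30 seconds returns an empty set, showing how the window shapes what gets blocked.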
I setup two factor authentication using Duo. PM me if you need help setting this up.
How to avoid 99.99% of brute force attacks 99.99% of the time: Disable SSH.
(There's always a chance that your VPS will be exploited)
It sounds insane, but that's exactly what I did, considering most of my providers already provided a method to log on anyway. If the provider is competent, they'll have secured the control panel properly, which means you can just access your VPS via VNC/console.
The above is extreme, so if you do want to keep SSH online, go with what @WebHostingNinja said, and use 2FA. Next to impossible to guess an OTP, let alone a click on an app.
Shutdown
Sorry, but. If you don't know how to react in a brute-force case...
You should pay a technician to do your server stuff instead of selling servers.
Enable two-factor authentication for the client by following this link: https://docs.whmcs.com/Security_Modules
My thoughts exactly! What the hell are you doing selling hosting and servers if you don't even know the absolute basics of server security? Oy...summer is almost over.
More like just change your SSH port from 22 to a different uncommon port. That would eliminate 99% of brute force attacks.
The most stupid answer.