Tagged with brute-force

Apr 29, 202613 min readsecurity infrastructure
SSH brute force on cPanel: the 8,127-attempt night and the fix
A postmortem on 8,127 failed SSH logins to a cPanel server in six hours from rotating /24s, why lfd alone could not see the pattern, and the layered fix.
#ssh #csf #lfd #cpanel #brute-force #fail2ban
Apr 16, 20262 min readsecurity operations
Find SSH attacker subnets in /var/log/secure: a quickref
One-liner to surface the top attacking /24 subnets in /var/log/secure during an SSH brute-force wave, plus per-username and per-minute variations.
#ssh #brute-force #grep #log-analysis

SSH brute force on cPanel: the 8,127-attempt night and the fix