Web Hosting Talk







cPanel hack attempts?


AHN-Andrew
10-28-2008, 08:53 AM
Hello,
Recently I activated the WHM security tweak that blocks an IP after a certain number of attempts to log into cPanel.
Say, for example, after more than 5 failed attempts the IP will get blocked and a message would be sent to my system email address.
Only 30 minutes after activating this I got 5 emails already, similar to:
5 login failures attempts to account admin (system) -- too many attempts from this ip
Anyone having this problem? Or know how this can be fixed?
Regards.

Harzem
10-28-2008, 09:02 AM
You will constantly get brute force attacks, they are automated. Enable the protection and don't worry about people who hopelessly try to log in as an "admin" to a cPanel server :)

diligent
10-28-2008, 09:02 AM
These are to be expected. Changing the SSH port should stop most of it
/etc/ssh/sshd_config
Then you have to think about port scanning, I would suggest looking into a firewall ;)

AHN-Andrew
10-28-2008, 09:07 AM
Thanks for all your help :)
What benefits would a firewall put in? As other clients do need to log into my cPanel server.

Harzem
10-28-2008, 09:38 AM
Changing SSH port will make the bots unable to login to SSH on port 22. You may for example set the SSH port to something between 20,000 - 50,000, but you have to remember it when logging into SSH yourself :)
Since SSH port is so high and unknown for bots, they will start doing port scans. A port scan is a series of tests to find the actual SSH port.
A firewall can block port scans (I use CSF for it). So attackers won't be able to find out the SSH port.
I don't know if CSF can do it out of the box, or if it requires some setting to do it. I never did it myself, my tech guy does it. Hopefully someone else can clarify it for you.

hexahost
10-28-2008, 04:20 PM
Changing SSH port will make the bots unable to login to SSH on port 22. You may for example set the SSH port to something between 20,000 - 50,000, but you have to remember it when logging into SSH yourself :)
Since SSH port is so high and unknown for bots, they will start doing port scans. A port scan is a series of tests to find the actual SSH port.
A firewall can block port scans (I use CSF for it). So attackers won't be able to find out the SSH port.
I don't know if CSF can do it out of the box, or if it requires some setting to do it. I never did it myself, my tech guy does it. Hopefully someone else can clarify it for you.
If you can afford it, use a hardware firewall.

AHN-Andrew
10-28-2008, 05:53 PM
Thanks again, I will probably give that a try :)

xeonfan
10-28-2008, 06:40 PM
Use SSH on a higher number port.
Use SSH protocol 2.
Get yourself CSF installed and enable blocking port scanning in it.
This would be enough for such attempts, however once you install CSF, it would give you a server security report to check what methods you could use to harden your box.
Hardware firewalls are expensive though.
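
The sshd_config advice given in this thread (a port other than 22, SSH protocol 2 only) can be checked mechanically. The Python below is an added example, not code from any poster or from CSF; the function names and the two sample configs are constructed for illustration.

```python
DEFAULT_PORT = 22

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global (pre-Match) directives."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional blocks are outside this check
        settings.setdefault(key, []).append(value)
    return settings

def audit(text):
    """List the points from the thread that the config does not meet."""
    cfg = parse_sshd_config(text)
    findings = []
    # Port may be given several times; sshd listens on every port listed,
    # and on 22 when no Port line is present.
    ports = [int(p) for p in cfg.get("port", [str(DEFAULT_PORT)])]
    if DEFAULT_PORT in ports:
        findings.append("sshd still listens on port 22")
    # For other keywords the first value in the file is the one used.
    proto = cfg.get("protocol", [None])[0]
    if proto is None:
        # Older OpenSSH releases accept protocol 1 unless told otherwise.
        findings.append("Protocol not set explicitly")
    elif {p.strip() for p in proto.split(",")} != {"2"}:
        findings.append("SSH protocol 1 still allowed (Protocol %s)" % proto)
    return findings

# Constructed sample configs, not taken from any real server.
WEAK = "# defaults left in place\nPort 22\nProtocol 2,1\nPermitRootLogin yes\n"
HARDENED = "# moved off 22, protocol 2 only\nPort 28022\nProtocol 2\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

A config that adds a high port but leaves a `Port 22` line in place is still reported, since sshd listens on both.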

JohnJ
10-28-2008, 06:56 PM
These are to be expected. Changing the SSH port should stop most of it
Then you have to think about port scanning, I would suggest looking into a firewall ;)
Yep. Changing the SSH port definitely makes your server more secure. I used to have CSF notifications sent to my personal email, until I started getting about 500 every few hours... now I have it sent to a different email (no, they weren't 500 bans every few hours).

bithost(NET)
10-28-2008, 07:20 PM
For those not familiar, CSF = ConfigServer Firewall (http://configserver.com/cp/csf.html) <== link
The main CSF page has a very nice explanation of what it all does and how it works.
CSF is free (although you should donate to Chirpy and Sarah to say "thanks") and it is a seriously outstanding tool. :gthumb:
:D Bailey

LoganNZ
10-28-2008, 11:01 PM
I get up to 100 brute force attacks a day, nothing new.

Simplehostingonline
10-29-2008, 03:14 PM
Brute Force attacks are nothing new. I have been running cPanel for years. You need to change your SSH port. It’s like locking your front door but leaving a key under the mat. We did that year ago on all our servers and hardly ever get an SSH login attempt. Make sure you pick a port that is not used for something else.
CSF is just great. If you’re using cPanel it is a must. You have to have root access to install it. It is simple to install and configuring it is really easy. I configure it at the command line but it links itself to WHM/cPanel. Just make sure you do set it up to auto update in the config file.