Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 I believe that a brute force attack occured, as the password reset box is missing and some users are requesting their passwords reset. Also, SSH appears to be down right now. [On stevie] Link to comment Share on other sites More sharing options...
Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 Does that mean the hompage connection has an issue? Strange that the other ways wouldn't work? Anyway, thanks!! It appears that someone might have attempted to brute force our servers. However, that link works because to cpanel, it's coming from a local IP: Instead of You --> Cpanel It's You --> Apache --> Cpanel However, if someone uses that URL to brute force our servers, it will become blocked as well. Link to comment Share on other sites More sharing options...
webmaster Posted April 17, 2011 Share Posted April 17, 2011 Your account appears to be active. Are you logging in lower-case? Yes, I login as usual, in lower-case. Link to comment Share on other sites More sharing options...
Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 Use http://cpanel.heliohost.org Merging thread... Escalating Request. Link to comment Share on other sites More sharing options...
jje Posted April 17, 2011 Share Posted April 17, 2011 @djbob - As well as the brute force issue, could you also enable Password Reset on Johnny? Thanks, Link to comment Share on other sites More sharing options...
webmaster Posted April 17, 2011 Share Posted April 17, 2011 Use http://cpanel.heliohost.org Merging thread... Escalating Request. It works now. Thank you very much! But with previous address (https://stevie.heliohost.org:2083) I was able to login securely via SSL. Is it possible to do so within new address? Link to comment Share on other sites More sharing options...
Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 @djbob - As well as the brute force issue, could you also enable Password Reset on Johnny? I think cpanel disabled password reset because brute force protection was on. Link to comment Share on other sites More sharing options...
jje Posted April 17, 2011 Share Posted April 17, 2011 Each separate address is a separate brute force detector. Port 2082 is blocked (the HelioHost homepage uses this) apparently. Port 2083 is unblocked unless somebody brute forces that apparently. Port 80 (cpanel.heliohost.org) is unblocked unless somebody brute forces that apparently. I am saying 'apparently' as I have not tried yet nor do I have any proof, as I am not in the place at the mo. @Geoff - Hmm... maybe. But I have never seen password reset on Johnny before and I have always wondered why. @Geoff - I'm a bit confused at the moment. Is brute force stopping all users for Stevie or Johnny or both. Is it just port 2082 affected at the mo? Link to comment Share on other sites More sharing options...
Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 Port 80 (cpanel.heliohost.org) is unblocked unless somebody brute forces that apparently. That is actually a proxy to http://stevie:2082/ [On the local network, so don't have to use .heliohost.org] I am saying 'apparently' as I have not tried yet nor do I have any proof, as I am not in the place at the mo. I have no idea how cpanel brute force protection works. It's closed-source so I can't really find out. Link to comment Share on other sites More sharing options...
Ahmedb Posted April 17, 2011 Share Posted April 17, 2011 Until yesterday I could login to my account and check my email through my iPod mail client. Now I cannot check the mail (it says "incorrect username or password) and I get login attempt failed on cPanel. My site is working fine. Server:Stevie Domain: www.alphadev.tk DNS: ns1.heliohost.org ns2.heliohost.org UPDATE: apparently I can login from cpanel.heliohost.org,But still no good news on mail... Link to comment Share on other sites More sharing options...
Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 @Geoff - I'm a bit confused at the moment. Is brute force stopping all users for Stevie or Johnny or both. Is it just port 2082 affected at the mo? Both login pages on 2082. It appears that only select accounts are being locked out; I can log in correctly. Update: It appears I can no longer login on stevie. It also appears that http://stevie.heliohost.org is not displaying the account page, but an empty account. Link to comment Share on other sites More sharing options...
ORKU Posted April 17, 2011 Share Posted April 17, 2011 I appologize fot the trouble, but I seemed to have locked my account named 'turieu' . Probably because I have forgotten my PWD and exceeded the number of allowed tries. Should you be kind to unlock it for me, I promise to keep th PWD in a safe place and not to bother you wiuth such request in the future. I will however bother you with other technical staff Link to comment Share on other sites More sharing options...
Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 Please login via http://cpanel.heliohost.org Link to comment Share on other sites More sharing options...
mariusm98 Posted April 17, 2011 Author Share Posted April 17, 2011 Your account has been suspended due to inactivity to your cPanel. Please use the renew script: http://heliohost.org/scripts/renew.php We recommend you login thru the HelioHost homepage Very odd. I have logged into my cpanel at least once a week over the last few months. Always from here: http://www.heliohost.org/home/ Anyhow, I followed your advice, but login still fails. Then I see Geoff's advice, put that page crashes my Chrome browser. In IE it works, however. Strange stuff.. Thanks a lot. Marius Link to comment Share on other sites More sharing options...
Guest Geoff Posted April 17, 2011 Share Posted April 17, 2011 I'm using chrome, and It doesn't crash my browser. Link to comment Share on other sites More sharing options...
Recommended Posts