Secureserver.net Login Attempts

TL;DR

You’re seeing login attempts from secureserver.net. This usually means someone is trying to guess passwords for your website or accounts hosted on their servers. Here’s how to investigate and protect yourself.

1. Understand What Secureserver.net Is

Secureserver.net provides web hosting, email services, and other online tools. Seeing login attempts from them isn’t necessarily a hack *in progress*, but it’s a strong signal to check your security.

2. Check Your Website Logs

  1. Access Your Hosting Control Panel: Log in to the control panel provided by Secureserver.net (usually cPanel or Plesk).
  2. Find the Logs: Look for a section called “Logs,” “Raw Access Logs,” or similar. It might be under “Metrics” or “Statistics.”
  3. Examine Recent Login Attempts: Filter the logs to show only login attempts (often using keywords like ‘login’, ‘auth’, ‘failed’). Pay attention to:

    • IP Addresses: Note the IP addresses attempting logins.
    • Usernames: See if they’re trying common usernames or valid ones.
    • Timestamps: See how frequent the attempts are.

Example log entry (may vary):

192.0.2.1 - user [username] failed login attempt from secureserver.net

3. Block Suspicious IP Addresses

  1. cPanel: In cPanel, go to “Security” > “IP Blocker.” Enter the suspicious IP addresses and block them.
  2. Plesk: In Plesk, go to “Tools & Settings” > “IP Address Blacklist”. Add the IPs you identified.
  3. Firewall (if available): If your hosting provides a firewall tool (like Cloudflare or Sucuri), use it to block the IPs.

Be careful not to block legitimate users by mistake!
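The log review in step 2 and the blocking decision in step 3 can be scripted. The following is an added example, not part of the original article or any hosting provider's tooling: it parses raw access logs in Apache combined format, counts login POSTs per source IP, and skips allowlisted addresses so known-good users are not proposed for blocking. The login paths, thresholds and sample lines are assumptions; access logs do not record usernames, so it covers the IP and timestamp checks only.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format, the usual layout of raw access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: login endpoints of the site under review; adjust to your platform.
LOGIN_PATHS = {"/wp-login.php", "/login"}

def summarize_login_attempts(lines, min_attempts=5, allowlist=()):
    """Return {ip: stats} for IPs with at least min_attempts login POSTs."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["ip"] in allowlist:
            continue
        if m["path"].split("?", 1)[0] not in LOGIN_PATHS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        seen[m["ip"]].append((ts, m["status"]))
    report = {}
    for ip, hits in seen.items():
        if len(hits) < min_attempts:
            continue
        stamps = [ts for ts, _ in hits]
        report[ip] = {
            "attempts": len(hits),
            "first": min(stamps),
            "last": max(stamps),
            "span_seconds": (max(stamps) - min(stamps)).total_seconds(),
            # Assumption: a 3xx reply to a login POST often means the login
            # succeeded (true of WordPress); check any such hit first.
            "redirects": sum(1 for _, s in hits if s.startswith("3")),
        }
    return report

# Constructed sample lines using documentation-range IP addresses.
SAMPLE_LOG = [
    f'192.0.2.1 - - [12/Mar/2024:03:14:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4512 "-" "curl/8.0"'
    for s in range(0, 60, 10)
] + [
    '198.51.100.7 - - [12/Mar/2024:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:09:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2024:09:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, s in summarize_login_attempts(SAMPLE_LOG).items():
        print(ip, s["attempts"], "attempts in", s["span_seconds"], "s,", s["redirects"], "redirects")
```

Put your own office or home IP addresses in `allowlist` before acting on the output, and review any entry with a non-zero `redirects` count before anything else.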

4. Strengthen Your Passwords

  1. Change All Passwords: Update passwords for your website admin account, database access, email accounts, and FTP/SFTP logins.
  2. Use Strong Passwords: Create complex passwords with a mix of uppercase and lowercase letters, numbers, and symbols. A password manager can help.
  3. Enable Two-Factor Authentication (2FA): If your hosting or website platform offers 2FA, enable it immediately. This adds an extra layer of security.

5. Review User Accounts

  1. Remove Unnecessary Accounts: Delete any user accounts that are no longer needed.
  2. Check Account Permissions: Ensure users have only the permissions they require. Avoid giving everyone admin access.

6. Scan for Malware

  1. Use a Website Security Scanner: Tools like Sucuri SiteCheck, Wordfence (for WordPress), or your hosting provider’s scanner can detect malware that might be causing the login attempts.
  2. Follow Scanner Recommendations: If malware is found, follow the scanner’s instructions to remove it.

7. Contact Secureserver.net Support

If you’re concerned about repeated or unusual activity, contact Secureserver.net support for assistance. They may be able to provide more information and help secure your account.
