Jimmy That is mostly because IPv4 is reused big times, on OVH i had 600 ssh requests because the ip was reused so don't blame the tool, i'm not sure if this panel is safe but for sure on a production server i won't use any panel not even the paid one's, this one is good for fast dev deployment so is a usefull tool. Who use a panel for production and talk about security and employers that do that and that and they can't make a proper log common sense lol. Look at GoDaddy's cPanel hacking to understand how secure it was.

With this one you have the source code atleast but i still not recommend to use any panel in a production server.

    Port scanning and brute force is also common, This is nothing related to panel. As this panel is having more than a million installation, definitely it will be a target for bad boys.
    Some prevention for production servers

    1. Go with SSH login and disable root once everything is done.
    2. Secure shared memory by adding tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0 in /etc/fstab
    3. Install fail2ban and activate server protection for sshd, ftp, mysql etc
    4. NGINX WAF for website.
    5. Add cloudflare if possible and block ip having threatscore above 14.
    6. Add captcha challenge for countries like china, and other if needed.
    7. Change ssh port to anything between 100 and 1024.
    8. Make Sure No Non-Root Accounts Have UID Set To 0
    9. Enable SSH Login for Specific Users Onl

    Anyone can add points to this as its good for everyone.

    deewinc And you think that audit make it more secure?
    GoDaddy's cPanel was hacked even if it is one of the oldest panel and with hundreds of hours of research, when someone want to hack you will not fail just because your panel have a security audit lol.

    Anything can be hacked once it has access to the internet.

        2 months later

        klaus Anything can be hacked once it has access to the internet.

        You've missed the point.

        Verified audits by independent parties help to build trust in a product.

        GoDaddy was hacked because of a vulnerability on cPanel. And people won't stop using cPanel because it undergoes various security audits, and users know the zero-day issues will be fixed.

        The lack of an independent audit means there are many vulnerabilities present that are unknown to the end-user.