Blocking IP address or Domain

[Janak]

I wish to block certain IP address or domain name accessing my server. I have done entry of IP address in my CSF firewall "Deny IP" option and also I have done entry in cPanel -> IP Deny Manager but still I can see that IP address accessing my server from Apache logs.

Any idea?

[cPanelDavidG]

I wish to block certain IP address or domain name accessing my server. I have done entry of IP address in my CSF firewall "Deny IP" option and also I have done entry in cPanel -> IP Deny Manager but still I can see that IP address accessing my server from Apache logs.

Any idea?

cPanel -> IP Deny Manager only blocks people from visiting the websites on that specific cPanel account. You may want to use the Host Access Control feature in WHM for a broader ban on that IP.

[david510]

He has told he has blocked the IP in csf. It should be fine. Please see you have added the IP into the deny list in cf properly.

[linux7802]

You can also block the ip in Servers iptable or router to block the access for specific ip to your server..

[Spiral]

He has told he has blocked the IP in csf. It should be fine. Please see you have added the IP into the deny list in cf properly.

... And restarted the CSF service!

I wish to block certain IP address or domain name accessing my server. I have done entry of IP address in my CSF firewall "Deny IP" option and also I have done entry in cPanel -> IP Deny Manager but still I can see that IP address accessing my server from Apache logs.

If you don't restart the firewall then the changes won't take effect!

Code:

service csf restart

Or, the Restart CSF firewall" option added by CSF under WHM ...

This is assuming of course that CSF has been installed and configured
correctly and that it is properly linked to IPTABLES / IPCHAINS. Otherwise,
the firewall is pretty useless and isn't really doing anything for you at all.

Incidentally ...

To add a block by IPTABLES directly, you could also do:

Code:

iptables -A INPUT -s x.x.x.x -j DROP

(Where x.x.x.x is the IP address or CIDR range you want to block)

NOTE: Blocking an IP doesn't remove old log entries where an IP has
previously connected so the IP may still show up in your log files even
though it is now blocked and unable to connect. Be sure to check the
date stamps on any log entries to make sure that you are not looking
at old log entries from BEFORE you blocked the IP address!

[Janak]

Thanks to all and specially to Spiral. I was looking old log entries and now the IP address seems to be blocked.

[Spiral]

Thanks to all and specially to Spiral. I was looking old log entries and now the IP address seems to be blocked.

You're welcome!