Able to block spam bots and other unwanted traffic to a site

dogpaw

Member
Apr 26, 2012
9
0
51
cPanel Access Level
Root Administrator
Is there a good way to block access to a specific cPanel account from various countries, spam bots, or domains? These unwanted visits are using up a bulk of our allocated bandwidth.

Thanks
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
As far as countries, that is difficult. You could block IP ranges in the site's .htaccess, but there are better approaches for stopping unwanted traffic that don't involve IP blocking.

You can block a lot of requests based on user agent or other attributes using mod_security. I would advise creating some custom rules to deny the user agents of the spam bots. Also, if you use both CSF and Mod_Security, CSF can ban people's IPs based on repeat triggers of modsec rules.
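
The kind of custom rule suggested above, as an added example that is not part of the original post or of any shipped rule set. It goes one step further and scopes the deny to a single account's host name. The host name `shop.example.com`, the bot names and the rule ids are placeholders.

```apache
# Added example with constructed values. Placeholders: shop.example.com
# (the one account's domain), the bot names, and rule ids 1000101-1000102
# (choose ids from your own local range).

# Rule 1: deny listed user agents, but only for one virtual host.
# SERVER_NAME is taken from the request's Host header, so the regex also
# covers the www. variant. @pm is a case-insensitive phrase match.
SecRule SERVER_NAME "@rx ^(www\.)?shop\.example\.com$" \
    "id:1000101,phase:1,deny,status:403,log,\
    msg:'Denied user agent for shop.example.com',\
    logdata:'%{MATCHED_VAR}',chain"
    SecRule REQUEST_HEADERS:User-Agent "@pm examplespambot examplescraper"

# Rule 2: same host, requests that send no User-Agent header at all.
# Some legitimate monitors omit the header, so check the access log first.
SecRule SERVER_NAME "@rx ^(www\.)?shop\.example\.com$" \
    "id:1000102,phase:1,deny,status:403,log,\
    msg:'Missing User-Agent for shop.example.com',chain"
    SecRule &REQUEST_HEADERS:User-Agent "@eq 0"

# CSF side (set in /etc/csf/csf.conf, not in this file):
#   LF_MODSEC = "5"  -> lfd blocks an IP after 5 ModSecurity denials
#   CC_DENY = ""     -> comma-separated country codes, server-wide only
```

Running with `SecRuleEngine DetectionOnly` first shows what the rules would have denied in the audit log before anything is actually blocked.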
 

dogpaw

> As far as countries, that is difficult. You could block IP ranges in the site's .htaccess, but there are better approaches for stopping unwanted traffic that don't involve IP blocking.
>
> You can block a lot of requests based on user agent or other attributes using mod_security. I would advise creating some custom rules to deny the user agents of the spam bots. Also, if you use both CSF and Mod_Security, CSF can ban people's IPs based on repeat triggers of modsec rules.

This sounds like a good way to go but not having any experience in using Mod_Security, it looks like I'll be googling that and researching.

I appreciate your help.
 

alphawolf50

Well-Known Member
Apr 28, 2011
186
2
68
cPanel Access Level
Root Administrator
Definitely use CSF. It has the ability to block entire countries (but only for the entire server, not by account), and as quizknows stated, it can automatically block people who repeatedly trigger ModSecurity rules, or try to brute force your logins, or... any of a number of things.

I'd recommend the Atomiccorp ModSecurity rules. They already have rules to block many of the worst bots (and vulnerability scanners), and I've had fewer false positives with these than the rules that were installed by default.
 

quizknows

> I'd recommend the Atomiccorp ModSecurity rules. They already have rules to block many of the worst bots (and vulnerability scanners), and I've had fewer false positives with these than the rules that were installed by default.

Agreed, great rule set and very few false positives.
 

quizknows

CSF is a plugin that manages iptables firewall rules (open and closed ports, etc.) and also has a login failure daemon that blocks IPs for excessive failed logins. Make sure your server does not have another software firewall like APF before you install it. CSF is awesome; it even lets you block/unblock IPs from WHM.
 

dogpaw

> CSF is a plugin that manages iptables firewall rules (open and closed ports, etc.) and also has a login failure daemon that blocks IPs for excessive failed logins. Make sure your server does not have another software firewall like APF before you install it. CSF is awesome; it even lets you block/unblock IPs from WHM.

WHM by default allows me to block IPs after excessive failed logins and manually enter whitelist and blacklist IPs. I wonder what this plugin has to offer that's not already built into WHM by default. Sounds like I need to read more about this plugin....
 

sford999

Member
Apr 20, 2004
20
0
151
UK
cPanel Access Level
Root Administrator
> WHM by default allows me to block IPs after excessive failed logins and manually enter whitelist and blacklist IPs. I wonder what this plugin has to offer that's not already built into WHM by default. Sounds like I need to read more about this plugin....

It offers so many more features than WHM does to protect your server. IMO it's by far the best software firewall.