This sounds like a good way to go but not having any experience in using Mod_Security, it looks like I'll be googling that and researching.As far as countries that is difficult, you could block IP ranges in the sites .htaccess but there are better approaches for stopping unwanted traffic that don't involve IP blocking.
You can block a lot of requests based on user agent or other attributes using mod_security. I would advise creating some custom rules to deny the user agents of the spam bots. Also if you use both CSF and Mod_Security, CSF can ban peoples IP's based on repeat triggers of modsec rules.
Agreed, great rule set and very few false positives.I'd recommend the Atomiccorp ModSecurity rules. They already have rules to block many of the worst bots (and vulnerability scanners), and I've had less false positives with these than the rules that were installed by default.
WHM by default allows me to block IPs after excessive failed logins and manually enter whitelist and blacklist IPs. I wonder what this plugin has to offer that's not already built into WHM by default. Sounds like I need to read more about this plugin....CSF is a plugin that manages IP tables firewall rules (open and closed ports, etc) and also has a login failure daemon that blocks IPs for excessive failed logins. Make sure your server does not have another software firewall like APF before you install it. CSF is awesome, it even lets you block/unblock IPs from WHM.
It offers so many more features than WHM does to protect your server. IMO its by far the best software firewallWHM by default allows me to block IPs after excessive failed logins and manually enter whitelist and blacklist IPs. I wonder what this plugin has to offer that's not already built into WHM by default. Sounds like I need to read more about this plugin....
|Thread starter||Similar threads||Forum||Replies||Date|
|M||Import blocked IPs from iptables to csf?||Security||3|
|P||SOLVED SMTP Restrictions Disabled but Still Blocked||Security||6|
|Unidentified SSH connections / unable to restrict or block||Security||6|
|C||Disable automatic scanning and blocking of file manager||Security||3|
|A||How to clear blocked ips in iptables from the node||Security||7|