The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Able to block spam bots and other unwanted traffic to a site

Discussion in 'Security' started by dogpaw, Mar 29, 2013.

  1. dogpaw

    dogpaw Member

    Joined:
    Apr 26, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Is there a good way to block access to a specific cPanel account from various countries, spam bots, or domains? These unwanted visits are using up a bulk of our allocated bandwidth.

    Thanks
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    As far as countries that is difficult, you could block IP ranges in the sites .htaccess but there are better approaches for stopping unwanted traffic that don't involve IP blocking.

    You can block a lot of requests based on user agent or other attributes using mod_security. I would advise creating some custom rules to deny the user agents of the spam bots. Also if you use both CSF and Mod_Security, CSF can ban peoples IP's based on repeat triggers of modsec rules.
     
  3. dogpaw

    dogpaw Member

    Joined:
    Apr 26, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    This sounds like a good way to go but not having any experience in using Mod_Security, it looks like I'll be googling that and researching.

    I appreciate your help.
     
  4. alphawolf50

    alphawolf50 Well-Known Member

    Joined:
    Apr 28, 2011
    Messages:
    186
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Definitely use CSF. It has the ability to block entire countries (but only for the entire server, not by account), and as quizknows stated, it can automatically block people who repeatedly trigger ModSecurity rules, or try to brute force your logins, or... any of a number of things.

    I'd recommend the Atomiccorp ModSecurity rules. They already have rules to block many of the worst bots (and vulnerability scanners), and I've had less false positives with these than the rules that were installed by default.
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Agreed, great rule set and very few false positives.
     
  6. dogpaw

    dogpaw Member

    Joined:
    Apr 26, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    What is CSF?
     
  7. sford999

    sford999 Member

    Joined:
    Apr 20, 2004
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
  8. dogpaw

    dogpaw Member

    Joined:
    Apr 26, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Looks like some sort of WHM/cPanel plugin. Thanks for the lead. I'll check it out. Much appreciated!
     
  9. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    CSF is a plugin that manages IP tables firewall rules (open and closed ports, etc) and also has a login failure daemon that blocks IPs for excessive failed logins. Make sure your server does not have another software firewall like APF before you install it. CSF is awesome, it even lets you block/unblock IPs from WHM.
     
  10. dogpaw

    dogpaw Member

    Joined:
    Apr 26, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    WHM by default allows me to block IPs after excessive failed logins and manually enter whitelist and blacklist IPs. I wonder what this plugin has to offer that's not already built into WHM by default. Sounds like I need to read more about this plugin....
     
  11. sford999

    sford999 Member

    Joined:
    Apr 20, 2004
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    It offers so many more features than WHM does to protect your server. IMO its by far the best software firewall
     
  12. dogpaw

    dogpaw Member

    Joined:
    Apr 26, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Great, thanks. I really appreciate your info and advice. Take care.
     
  13. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Thats only for cPanel/WHM access. CSF handles e-mail, SSH, ftp, etc. failed logins, and much more as sford999 mentioned.
     
Loading...

Share This Page