CSF will do this when you've fine tuned it.
I see that you only installed csf recently.
Did you choose one of the default profiles?
I'd suggest choosing the high profile, and then fine tuning some of the options to suit your requirements.
It's a mine field.
Also within CSF is the option to use predefined black lists. (LFD Blocklists) (about 4 icons up from the PayPal logo)
The ones with the hash missing, are the ones i'm using, without any detrimental effect.
Code:
#Spamhaus Don't Route Or Peer List (DROP)
#Details: http://www.spamhaus.org/drop/
SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.lasso
#Spamhaus Extended DROP List (EDROP)
#Details: http://www.spamhaus.org/drop/
SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.lasso
#DShield.org Recommended Block List
#Details: http://dshield.org
DSHIELD|86400|0|http://www.dshield.org/block.txt
# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
# TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
# Alternative TOR Exit Nodes List
# Details: http://torstatus.blutmagie.de/
# ALTTOR|86400|0|http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
# BOGON list
# Details: http://www.team-cymru.org/Services/Bogons/
BOGON|86400|0|http://www.cymru.com/Documents/bogon-bn-agg.txt
# Project Honey Pot Directory of Dictionary Attacker IPs
# Details: http://www.projecthoneypot.org
HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
# C.I. Army Malicious IP List
# Details: http://www.ciarmy.com
CIARMY|86400|0|http://www.ciarmy.com/list/ci-badguys.txt
# BruteForceBlocker IP List
# Details: http://danger.rulez.sk/index.php/bruteforceblocker/
BFB|86400|0|http://danger.rulez.sk/projects/bruteforceblocker/blist.php
# OpenBL.org 30 day List
# Details: https://www.openbl.org
OPENBL|86400|0|https://www.openbl.org/lists/base_30days.txt
# Autoshun Shun List
# Details: http://www.autoshun.org/
AUTOSHUN|86400|0|http://www.autoshun.org/files/shunlist.csv
# MaxMind GeoIP Anonymous Proxies
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://www.maxmind.com/en/anonymous_proxies
# MAXMIND|86400|0|https://www.maxmind.com/en/anonymous_proxies
# Blocklist.de
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://www.blocklist.de
# This first list only retrieves the IP addresses added in the last hour
# BDE|3600|0|https://api.blocklist.de/getlast.php?time=3600
# This second list retrieves all the IP addresses added in the last 48 hours
# and is usually a very large list (over 10000 entries), so be sure that you
# have the resources available to use it
# BDEALL|86400|0|http://lists.blocklist.de/lists/all.txt
Another neat security feature is "Host Access Control" in whm.
There you could limit certain tasks to IP's.
So for instance, if you, and you alone, should have SSH access, then add your IP address, your range of IP addresses, and deny everyone else.
Again, another bit of a mine field, but happy to show you how i configured mine