Ban IP's that access too many 404 pages

subtopic

Member
Aug 30, 2018
16
1
3
95050
cPanel Access Level
Root Administrator
I am hosting sites with inmotionhosting, and have used up 2 hours of paid support, and they cannot configure CSF to ban IP's that request over 100 404 pages.

I am getting attacked daily from thousands of IP's requesting a file called chrqd.php, here is an example

Code:
1-0    -    0/0/1    .    0.04    679    0    0.0    0.00    0.00    94.23.196.106    http/1.1    vps.inmotionhosting.com:80    GET /xcns/chrqd.php?up=%C3%9A%C2%AF%C3%98%C2%B1%C3%99%CB%86%C3%
There are 10 other lines of IP's doing 679 requests to that file against my VPS and other domains I manage.

I can only think of using CSF to ban these IP's.

Is there a better solution?

This post was done on the CSF forum already located here. I just thought I would ask on here as well.
 

subtopic

Member
Aug 30, 2018
16
1
3
95050
cPanel Access Level
Root Administrator
Looks like I have it in WHM. How do I configure the 404 banning in this?

/image.ibb.co/jfasL9/mod.png

Here is the vendors page

preview.ibb.co/gHhBDU/mod2.png
 
Last edited by a moderator:

subtopic

Member
Aug 30, 2018
16
1
3
95050
cPanel Access Level
Root Administrator
Alright, I followed a guide and went into the EasyApache4 settings, and looked at the modules installed, and mod_security is installed it says. A little green box next to it says installed.

If you can tell me what I can do with mod_security to help with this issue, I can search into it.

I appreciate your help!
 

Infopro

Well-Known Member
May 20, 2003
17,107
515
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
In your screenshots posted above, you could see it stated Vendor not installed. Did you install it from there on that page? It's a few clicks.

Once mod security is installed properly, and you've configured it on the mod security settings page:
WebHost Manager »Security Center »ModSecurity™ Configuration »Configure Global Directives

You'll see a list of rule hits on this page as they get triggered by this sort of bad traffic:
WebHost Manager »Security Center »ModSecurity™ Tools »Hits List

You should also find the docs of some use for making your server more secure:
Recommended Security Settings - cPanel Knowledge Base - cPanel Documentation