Ban IPs that access too many 404 pages

Discussion in 'Security' started by subtopic, Aug 30, 2018.

  1. subtopic

    subtopic Member

    Joined:
    Aug 30, 2018
    Messages:
    16
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    95050
    cPanel Access Level:
    Root Administrator
    I am hosting sites with inmotionhosting, and have used up 2 hours of paid support, and they cannot configure CSF to ban IPs that request over 100 404 pages.

    I am getting attacked daily from thousands of IPs requesting a file called chrqd.php. Here is an example:

    Code:
    1-0    -    0/0/1    .    0.04    679    0    0.0    0.00    0.00    94.23.196.106    http/1.1    vps.inmotionhosting.com:80    GET /xcns/chrqd.php?up=%C3%9A%C2%AF%C3%98%C2%B1%C3%99%CB%86%C3%
    There are 10 other lines of IPs doing 679 requests to that file against my VPS and other domains I manage.

    I can only think of using CSF to ban these IPs.

    Is there a better solution?

    This post was done on the CSF forum already located here. I just thought I would ask on here as well.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,933
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sure you can use CSF for this. Look for the section titled: LF_APACHE_404
     
  3. subtopic

    subtopic Member

    Yep, that is what IMH already did; they set that to 100, but as you can see above I am still getting over 600 * (at least) 8 other IPs requesting 404 files each minute it seems.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

  5. subtopic

    subtopic Member

    I looked under

    Code:
    etc/modsecurity
    And don't see that directory, so I take it I don't.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Here is where you install it from:

    WebHost Manager » Security Center » ModSecurity™ Vendors » Manage Vendors
     
  7. subtopic

    subtopic Member

    Looks like I have it in WHM. How do I configure the 404 banning in this?

    /image.ibb.co/jfasL9/mod.png

    Here is the vendors page

    preview.ibb.co/gHhBDU/mod2.png
     
    #7 subtopic, Aug 30, 2018
    Last edited by a moderator: Aug 30, 2018
  8. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    You don’t, but you should install it; mod security can help.
     
  9. subtopic

    subtopic Member

    Alright, I followed a guide and went into the EasyApache4 settings, and looked at the modules installed, and mod_security is installed it says. A little green box next to it says installed.

    If you can tell me what I can do with mod_security to help with this issue, I can search into it.

    I appreciate your help!
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    In your screenshots posted above, you could see it stated Vendor not installed. Did you install it from there on that page? It's a few clicks.

    Once mod security is installed properly, and you've configured it on the mod security settings page:
    WebHost Manager » Security Center » ModSecurity™ Configuration » Configure Global Directives

    You'll see a list of rule hits on this page as they get triggered by this sort of bad traffic:
    WebHost Manager » Security Center » ModSecurity™ Tools » Hits List

    You should also find the docs of some use for making your server more secure:
    Recommended Security Settings - cPanel Knowledge Base - cPanel Documentation
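
An added example, not written by any poster in this thread and not part of CSF or ModSecurity: a standalone check that counts 404 responses per client IP in a sliding time window, useful for confirming from the access log which addresses actually cross the 100-request threshold discussed above. It assumes Apache common/combined log format; the function names, the 60-second window and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache common/combined access log: client IP, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def offenders(lines, threshold=100, window_seconds=60):
    """Return {ip: peak 404 count} for every IP that reached `threshold`
    404 responses inside a sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps of 404s still in window
    peak = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "404":
            continue                 # unparseable line or not a 404
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue                 # malformed timestamp
        ip, q = m.group(1), recent[m.group(1)]
        q.append(ts)
        while ts - q[0] > window:    # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

def sample_log():
    """Constructed sample lines (documentation-range IPs, not real traffic)."""
    base = datetime(2018, 8, 30, 12, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    out = ["this line is not an access log entry"]
    for i in range(120):             # 120 probes of the same file in one minute
        t = (base + timedelta(seconds=i // 2)).strftime(fmt)
        out.append(f'192.0.2.10 - - [{t}] "GET /xcns/chrqd.php HTTP/1.1" 404 315')
    for h in range(5):               # a visitor with one stray 404 per hour
        t = (base + timedelta(hours=h)).strftime(fmt)
        out.append(f'198.51.100.7 - - [{t}] "GET /old-page.html HTTP/1.1" 404 315')
    out.append(f'198.51.100.7 - - [{t}] "GET /index.html HTTP/1.1" 200 5120')
    return out

if __name__ == "__main__":
    for ip, count in sorted(offenders(sample_log()).items()):
        print(f"{ip} reached {count} 404s within 60 s")
```

Addresses it reports can be compared against what CSF has already blocked, and any that were missed can be denied manually with `csf -d <ip>`.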
     