Blacklist IPs

With CSF you have a blacklist option that can download lists of IPs periodically. If used with ipset on the server you can have huge blacklists without any significant slowdown of the requests. The blocks are made on IP level, which means they will have no access to any service on the server whatsoever.

Blocking around 30k IPs alltogether on each of my servers and it's working great.

 

Hi there!

You could create a script to update:

Code:

/etc/csf/csf.deny

Just make sure you restart csf and lfd after any changes.

 

No worries. If you do try to get my suggestion working, do let me know how it goes!

 

I meant blocklist, they are configurable i csf.blocklist and in the cpanel plugin you have a button for editing it.

 

Recently I enabled the cP Hulk Brute Force Protection and now I receive on an hourly bases a list of IP's from which an malicious hack attempt was made.

Related to Patrick's question these are mine:

1. can't you use a script that blacklists those IP's within the cP Hulk Brute Force protection and force them in the blacklist and if such a script / command line is present, what is it it ?

2. if I where to implement what you all suggested to Patrick how can I check if those IP are actually blacklisted and is there a way I can whitelist an IP that mistakenly ends up being there ?

Thanks in advance for any reply.