Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Blacklist IPs

Discussion in 'Security' started by PatrickVeenstra, Jun 1, 2015.

  1. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    104
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    I have a .conf file with IPs that are not allowed to access the server.
    Am I assuming correctly that I should include the file in the "pre main include" section of the Include Editor?

    Thanks in advance for helping.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you attempting to block IP addresses from accessing Apache? Have you considering using a firewall management tool such as CSF instead?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    104
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Yes I am. I'm automatically downloading an IP list and create a .conf file to exclude all those IPs.
    Can I update the IP list from the commandline (i.e. using a cron job) if I use CSF?
     
  4. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    59
    Likes Received:
    3
    Trophy Points:
    158
    With CSF you have a blacklist option that can download lists of IPs periodically. If used with ipset on the server you can have huge blacklists without any significant slowdown of the requests. The blocks are made on IP level, which means they will have no access to any service on the server whatsoever.

    Blocking around 30k IPs alltogether on each of my servers and it's working great.
     
  5. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi there!

    You could create a script to update:
    Code:
    /etc/csf/csf.deny
    
    Just make sure you restart csf and lfd after any changes.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    104
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Thanks weetabix, but can you please point me to the auto update function?

    edit: thank you LordNerd
     
  7. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Twitter:
    No worries. If you do try to get my suggestion working, do let me know how it goes!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    59
    Likes Received:
    3
    Trophy Points:
    158
    I meant blocklist, they are configurable i csf.blocklist and in the cpanel plugin you have a button for editing it.
     
  9. Mangoose

    Mangoose Active Member

    Joined:
    Aug 5, 2014
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Recently I enabled the cP Hulk Brute Force Protection and now I receive on an hourly bases a list of IP's from which an malicious hack attempt was made.

    Related to Patrick's question these are mine:

    1. can't you use a script that blacklists those IP's within the cP Hulk Brute Force protection and force them in the blacklist and if such a script / command line is present, what is it it ?

    2. if I where to implement what you all suggested to Patrick how can I check if those IP are actually blacklisted and is there a way I can whitelist an IP that mistakenly ends up being there ?

    Thanks in advance for any reply.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    1. You should not have to block an IP address in cPhulk if the IP address is already blocked by your firewall. Those IP addresses would not be able to attempt authentication without access to connect to the server.

    2. Could you be more specific? Are you referring to the suggestion to install CSF?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice