The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blacklist IPs

Discussion in 'Security' started by PatrickVeenstra, Jun 1, 2015.

  1. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    I have a .conf file with IPs that are not allowed to access the server.
    Am I assuming correctly that I should include the file in the "pre main include" section of the Include Editor?

    Thanks in advance for helping.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you attempting to block IP addresses from accessing Apache? Have you considering using a firewall management tool such as CSF instead?

    Thank you.
     
  3. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Yes I am. I'm automatically downloading an IP list and create a .conf file to exclude all those IPs.
    Can I update the IP list from the commandline (i.e. using a cron job) if I use CSF?
     
  4. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    56
    Likes Received:
    1
    Trophy Points:
    8
    With CSF you have a blacklist option that can download lists of IPs periodically. If used with ipset on the server you can have huge blacklists without any significant slowdown of the requests. The blocks are made on IP level, which means they will have no access to any service on the server whatsoever.

    Blocking around 30k IPs alltogether on each of my servers and it's working great.
     
  5. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi there!

    You could create a script to update:
    Code:
    /etc/csf/csf.deny
    
    Just make sure you restart csf and lfd after any changes.
     
  6. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Thanks weetabix, but can you please point me to the auto update function?

    edit: thank you LordNerd
     
  7. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Twitter:
    No worries. If you do try to get my suggestion working, do let me know how it goes!
     
  8. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    56
    Likes Received:
    1
    Trophy Points:
    8
    I meant blocklist, they are configurable i csf.blocklist and in the cpanel plugin you have a button for editing it.
     
  9. Mangoose

    Mangoose Member

    Joined:
    Aug 5, 2014
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Recently I enabled the cP Hulk Brute Force Protection and now I receive on an hourly bases a list of IP's from which an malicious hack attempt was made.

    Related to Patrick's question these are mine:

    1. can't you use a script that blacklists those IP's within the cP Hulk Brute Force protection and force them in the blacklist and if such a script / command line is present, what is it it ?

    2. if I where to implement what you all suggested to Patrick how can I check if those IP are actually blacklisted and is there a way I can whitelist an IP that mistakenly ends up being there ?

    Thanks in advance for any reply.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    1. You should not have to block an IP address in cPhulk if the IP address is already blocked by your firewall. Those IP addresses would not be able to attempt authentication without access to connect to the server.

    2. Could you be more specific? Are you referring to the suggestion to install CSF?

    Thank you.
     
Loading...

Share This Page