Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Blacklist IPs

Discussion in 'Security' started by PatrickVeenstra, Jun 1, 2015.

  1. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    146
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    I have a .conf file with IPs that are not allowed to access the server.
    Am I assuming correctly that I should include the file in the "pre main include" section of the Include Editor?

    Thanks in advance for helping.
     
    #1 PatrickVeenstra, Jun 1, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,730
    Likes Received:
    1,992
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Are you attempting to block IP addresses from accessing Apache? Have you considering using a firewall management tool such as CSF instead?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jun 2, 2015
  3. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    146
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Yes I am. I'm automatically downloading an IP list and create a .conf file to exclude all those IPs.
    Can I update the IP list from the commandline (i.e. using a cron job) if I use CSF?
     
    #3 PatrickVeenstra, Jun 2, 2015
  4. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    59
    Likes Received:
    3
    Trophy Points:
    158
    With CSF you have a blacklist option that can download lists of IPs periodically. If used with ipset on the server you can have huge blacklists without any significant slowdown of the requests. The blocks are made on IP level, which means they will have no access to any service on the server whatsoever.

    Blocking around 30k IPs alltogether on each of my servers and it's working great.
     
    #4 weetabix, Jun 2, 2015
  5. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi there!

    You could create a script to update:
    Code:
    /etc/csf/csf.deny
    Just make sure you restart csf and lfd after any changes.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 LostNerd, Jun 3, 2015
  6. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    146
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Thanks weetabix, but can you please point me to the auto update function?

    edit: thank you LordNerd
     
    #6 PatrickVeenstra, Jun 3, 2015
  7. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Twitter:
    No worries. If you do try to get my suggestion working, do let me know how it goes!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 LostNerd, Jun 3, 2015
  8. weetabix

    weetabix Well-Known Member

    Joined:
    Oct 26, 2006
    Messages:
    59
    Likes Received:
    3
    Trophy Points:
    158
    I meant blocklist, they are configurable i csf.blocklist and in the cpanel plugin you have a button for editing it.
     
    #8 weetabix, Jun 3, 2015
  9. Mangoose

    Mangoose Active Member

    Joined:
    Aug 5, 2014
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Recently I enabled the cP Hulk Brute Force Protection and now I receive on an hourly bases a list of IP's from which an malicious hack attempt was made.

    Related to Patrick's question these are mine:

    1. can't you use a script that blacklists those IP's within the cP Hulk Brute Force protection and force them in the blacklist and if such a script / command line is present, what is it it ?

    2. if I where to implement what you all suggested to Patrick how can I check if those IP are actually blacklisted and is there a way I can whitelist an IP that mistakenly ends up being there ?

    Thanks in advance for any reply.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 Mangoose, Jun 30, 2015
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,730
    Likes Received:
    1,992
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    1. You should not have to block an IP address in cPhulk if the IP address is already blocked by your firewall. Those IP addresses would not be able to attempt authentication without access to connect to the server.

    2. Could you be more specific? Are you referring to the suggestion to install CSF?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 cPanelMichael, Jul 20, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Blacklist
  1. Kamil Brand Nova

    Blacklisting IP's in Host Access Control blocks FTP connections?

    Kamil Brand Nova, Dec 14, 2018, in forum: Security
    Replies:
    1
    Views:
    253
    cPanelMichael
    Dec 17, 2018
  2. cowner

    cPHulk blacklist deny login but not view website?

    cowner, Nov 13, 2018, in forum: Security
    Replies:
    2
    Views:
    174
    cPanelMichael
    Nov 13, 2018
  3. Reado

    Emails from cPanel are blacklisted by spamhaus

    Reado, Oct 29, 2018, in forum: E-mail Discussion
    Replies:
    9
    Views:
    224
    cPanelMichael
    Nov 12, 2018
  4. cPanelResources

    Tutorial How do I check if my mail server is blacklisted?

    cPanelResources, Oct 22, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    401
    cPanelMichael
    Dec 6, 2018
  5. chris0147

    Email blacklisted still goes to spam

    chris0147, Oct 16, 2018, in forum: E-mail Discussion
    Replies:
    4
    Views:
    381
    medicakare
    Dec 22, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice