The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Block a Complete Country

Discussion in 'Security' started by etcspl, Aug 30, 2014.

  1. etcspl

    etcspl Member

    Joined:
    Jun 18, 2014
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi, Friends...
    I am using Managed VPS. And got 16Attacks from 3countries(14China + 1Honkong + 1Romania)
    Their IP has blocked by cPHulk Brute Force Protection.
    So, Is there any Way to stop complete traffic from China in VPS
     
  2. triantech

    triantech Well-Known Member

    Joined:
    Jul 1, 2014
    Messages:
    145
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Kochi, India, India
    cPanel Access Level:
    Root Administrator
    Hello,

    Assuming you have already installed CSF, you can do this from WHM. Navigate to :

    Home » Plugins » ConfigServer Security & Firewall

    Open firewall configuration and search for :

    "Country Code to CIDR allow/deny"

    You will find an option "CC_DENY"

    Give CN over there to block all IPs from china.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Keep in mind that it is normal to see a fair amount of brute force traffic on any server.

    China has a LOT of IP ranges, and putting them all into iptables on a VPS can slow performance in some cases. At best it will take a very long time for your firewall to restart.

    I advise instead just changing your SSH port to a non-standard port. This avoids most scans from China without the need for all the iptables overhead.
     
  4. cpangs

    cpangs Registered

    Joined:
    Aug 30, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    This is often suggested. Elsewhere people say the bots will find you anyway. Without quibbling over that possibility (or the word "just"), it still makes sense to try not to be the lowest hanging grape on this vine called the Internet.

    A natural question then is: Can one change the port using WHM/cPanel?

    I note that the question has been asked and (not really) answered elsewhere:

    change SSH port Via WHM

    Help change ssh port in whm

    How to change SSH login port, How to change SSH login port

    Regarding the 3rd link, I tried the recommended steps given in the document recommended by cPanelTristan and had no luck --- I was locked out of my server using SSH (even though I changed things on the client side). Thankfully, there was also a WHM-based fix given for that possibility, and it worked for me in (eventually) extricating myself back to port 22. But as a result, I am now a bit hinky about trying the same thing again.

    Thus it would be nice if there was a fully WHM-based method to change the port. If, as I suspect, there is none, a second question is then: Why not? Given the many hoops involved with the process, it makes sense to have an automated way with WHM. In fact, depending on who's giving the advice, the set of necessary hoops changes.

    Here's another post, one that tempts me to go in again after all, as I hadn't messed with the ListenAddress on my original attempt:

    Change SSH Port

    Nah, I think I'll wait for better advice. (Have you noticed how many people suggest trying many things at once regarding such matters? Unwise, I think.)

    Anyway, given all the somewhat different suggestions for changing the port, which leads to so much confusion and frustration for so many, it would be nice to have a reliable, safe method that doesn't require a noob (which I'm) to go so deeply under the hood. Your thoughts?
     
  5. etcspl

    etcspl Member

    Joined:
    Jun 18, 2014
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Any more advice to secure things I will change Port... but need more advice From you both...

    Thank you... :)
     
  6. triantech

    triantech Well-Known Member

    Joined:
    Jul 1, 2014
    Messages:
    145
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Kochi, India, India
    cPanel Access Level:
    Root Administrator
    Hey,

    Yes, as quizknows advised, changing the SSH port will stop these attacks from china by a large extent.
    If you have got a limited number of persons accessing the SSH service and if their IPs are static, you
    can use host control feature to allow just these IPs which are needed. Alternatively, you might also think
    of disabling the option "Permit Root login" in SSH configuration and setting up a sudo user for the same purpose.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Please feel free to open a feature request via:

    Submit A Feature Request

    Thank you.
     
  8. ITGabs

    ITGabs Well-Known Member

    Joined:
    Jul 30, 2013
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I guess we all have the China, Eastern Europe Problem, someone know a way to just open the 80 port to china and block everything else but without the performance issue?
     
Loading...

Share This Page