Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Country Level Blocking

Discussion in 'Security' started by Harlequin, Apr 9, 2017.

Tags:
  1. Harlequin

    Harlequin Active Member

    Joined:
    Sep 4, 2011
    Messages:
    39
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Santa Cruz de Tenerife, Spain
    cPanel Access Level:
    Reseller Owner
    Twitter:
    I've been using Security & Firewall - csf v10.05 to block users and it's working well but it's also blocking genuine users from accessing the websites.

    Is it possible somehow to ONLY block access to the WHM login but allow users to browse the sites on the server...?
     
  2. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    568
    Likes Received:
    40
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You have to set allow/deny WHM access through Host Access Control area

    Login to WHM >> Host Access Control area

    whostmgrd YourIP allow
    whostmgrd all deny


    The allow line(s) must be above the deny ones or else you will block yourself out of WHM on the machine and need to edit /etc/hosts.allow in root SSH to unlock WHM

    Please refer documents for more information.
    Host Access Control - Documentation - cPanel Documentation
     
  3. Harlequin

    Harlequin Active Member

    Joined:
    Sep 4, 2011
    Messages:
    39
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Santa Cruz de Tenerife, Spain
    cPanel Access Level:
    Reseller Owner
    Twitter:
    Thanks

    Given that my IP can change that doesn't sound like the best solution as I could in theory end up locking myself out of my own server.

    Will it allow for wildcards...? "1.2.%" for example...?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    If you prefer to use the Host Access Control option in Web Host Manager, then you could add a netmask to allow from specific IP ranges. For example, 192.168.0.0/255.255.255.0, where 255.255.255.0 is the desired network mask you want to use. This is documented at:

    Host Access Control - Documentation - cPanel Documentation

    Thank you.
     
  5. Harlequin

    Harlequin Active Member

    Joined:
    Sep 4, 2011
    Messages:
    39
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Santa Cruz de Tenerife, Spain
    cPanel Access Level:
    Reseller Owner
    Twitter:
    I've added 2 step authentication and it's working perfectly fine. However, I still get the LFD failures. For example:

    Time: Tue Apr 11 18:46:34 2017 +0100
    IP: 81.199.16.113 (UG/Uganda/81.199.16.113.satcom-systems.net)
    Failures: 5 (sshd)
    Interval: 3600 seconds
    Blocked: Permanent Block

    Log entries:

    Apr 11 18:46:23 serv sshd[23741]: Invalid user admin from 81.199.16.113
    Apr 11 18:46:23 serv sshd[23741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.199.16.113
    Apr 11 18:46:25 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2
    Apr 11 18:46:28 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2
    Apr 11 18:46:30 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page