Country Level Blocking

Harlequin · Apr 9, 2017

I've been using Security & Firewall - csf v10.05 to block users and it's working well but it's also blocking genuine users from accessing the websites.

Is it possible somehow to ONLY block access to the WHM login but allow users to browse the sites on the server...?

SysSachin · Apr 9, 2017

Hello,

You have to set allow/deny WHM access through Host Access Control area

Login to WHM >> Host Access Control area

whostmgrd YourIP allow
whostmgrd all deny

The allow line(s) must be above the deny ones or else you will block yourself out of WHM on the machine and need to edit /etc/hosts.allow in root SSH to unlock WHM

Please refer documents for more information.
Host Access Control - Documentation - cPanel Documentation

Harlequin · Apr 10, 2017

Thanks

Given that my IP can change that doesn't sound like the best solution as I could in theory end up locking myself out of my own server.

Will it allow for wildcards...? "1.2.%" for example...?

cPanelMichael · Apr 10, 2017

Hello,

If you prefer to use the Host Access Control option in Web Host Manager, then you could add a netmask to allow from specific IP ranges. For example, 192.168.0.0/255.255.255.0, where 255.255.255.0 is the desired network mask you want to use. This is documented at:

Host Access Control - Documentation - cPanel Documentation

Thank you.

Harlequin · Apr 11, 2017

I've added 2 step authentication and it's working perfectly fine. However, I still get the LFD failures. For example:

Time: Tue Apr 11 18:46:34 2017 +0100
IP: 81.199.16.113 (UG/Uganda/81.199.16.113.satcom-systems.net)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:

Apr 11 18:46:23 serv sshd[23741]: Invalid user admin from 81.199.16.113
Apr 11 18:46:23 serv sshd[23741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.199.16.113
Apr 11 18:46:25 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2
Apr 11 18:46:28 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2
Apr 11 18:46:30 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2

cPanelMichael · Apr 11, 2017

Hello @Harlequin,

The output you provided shows failed SSH access attempts. Two-Factor authentication does not apply to SSH. You may want to consider modifying your SSH configuration settings (e.g. changing the default SSH port) per the instructions at:

[Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
S	SOLVED CSF country block but allow DNS	Security	5	Dec 7, 2020
W	How to block access to a site by country?	Security	3	Aug 26, 2020
J	csf not show country	Security	3	Apr 25, 2020
	ERROR: Country Code Lookups	Security	5	Jan 1, 2020
S	CSF and Country Blocking	Security	5	Dec 2, 2019

Search

Search

Country Level Blocking

Harlequin

Well-Known Member

SysSachin

Well-Known Member

Harlequin

Well-Known Member

cPanelMichael

Administrator

Harlequin

Well-Known Member

cPanelMichael

Administrator