Country Level Blocking

Harlequin · Apr 9, 2017

I've been using Security & Firewall - csf v10.05 to block users and it's working well but it's also blocking genuine users from accessing the websites.

Is it possible somehow to ONLY block access to the WHM login but allow users to browse the sites on the server...?

SysSachin · Apr 9, 2017

Hello,

You have to set allow/deny WHM access through Host Access Control area

Login to WHM >> Host Access Control area

whostmgrd YourIP allow
whostmgrd all deny

The allow line(s) must be above the deny ones or else you will block yourself out of WHM on the machine and need to edit /etc/hosts.allow in root SSH to unlock WHM

Please refer documents for more information.
Host Access Control - Documentation - cPanel Documentation

Harlequin · Apr 10, 2017

Thanks

Given that my IP can change that doesn't sound like the best solution as I could in theory end up locking myself out of my own server.

Will it allow for wildcards...? "1.2.%" for example...?

cPanelMichael · Apr 10, 2017

Hello,

If you prefer to use the Host Access Control option in Web Host Manager, then you could add a netmask to allow from specific IP ranges. For example, 192.168.0.0/255.255.255.0, where 255.255.255.0 is the desired network mask you want to use. This is documented at:

Host Access Control - Documentation - cPanel Documentation

Thank you.

Harlequin · Apr 11, 2017

I've added 2 step authentication and it's working perfectly fine. However, I still get the LFD failures. For example:

Time: Tue Apr 11 18:46:34 2017 +0100
IP: 81.199.16.113 (UG/Uganda/81.199.16.113.satcom-systems.net)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:

Apr 11 18:46:23 serv sshd[23741]: Invalid user admin from 81.199.16.113
Apr 11 18:46:23 serv sshd[23741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.199.16.113
Apr 11 18:46:25 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2
Apr 11 18:46:28 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2
Apr 11 18:46:30 serv sshd[23741]: Failed password for invalid user admin from 81.199.16.113 port 3561 ssh2

cPanelMichael · Apr 11, 2017

Hello @Harlequin,

The output you provided shows failed SSH access attempts. Two-Factor authentication does not apply to SSH. You may want to consider modifying your SSH configuration settings (e.g. changing the default SSH port) per the instructions at:

[Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Country Level Blocking

Harlequin Active Member

SysSachin Well-Known Member

Harlequin Active Member

cPanelMichael Forums Analyst
Staff Member

Harlequin Active Member

cPanelMichael Forums Analyst
Staff Member

In Progress How to whitelist a country?

Allow country for specific website from blocked country

Spamassassin relay country & Can't locate loadable object for module Geo::IP

ModSecurity Rule to Block Country for One Domain Only?

Hits By Country

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Country Level Blocking

Harlequin Active Member

SysSachin Well-Known Member

Harlequin Active Member

cPanelMichael Forums Analyst Staff Member

Harlequin Active Member

cPanelMichael Forums Analyst Staff Member

In Progress How to whitelist a country?

Allow country for specific website from blocked country

Spamassassin relay country & Can't locate loadable object for module Geo::IP

ModSecurity Rule to Block Country for One Domain Only?

Hits By Country

Share This Page

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member