cPHulk Deny Order Question

Mike01

Member
Jun 10, 2013
9
0
1
cPanel Access Level
Root Administrator
Hello, Just a simple question about cPHulk (which seems to be awesome, by the way)...

Is the IP Block configuration designated as:

Deny,Allow ...or... Allow,Deny ?

In other words, supposed I Blacklist: 70.0.0.0/8
...and suppose my IP is Whitelisted: 70.26.18.6

Will I be able to log in? (I'm too afraid to test it :eek: )

...or is the Blacklist obeyed regardless of the whitelist?

Thanks!
-Mike
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I just tested, if you do as you say, you'll be fine. Whitelist over-rode a CIDR block in the blacklist.

BTW, if you're still worried, you can do this to clear the blacklist out completely:

SSH in as root
mysql cphulkd
delete from blacklist ;
\q
 

Mike01

Member
Jun 10, 2013
9
0
1
cPanel Access Level
Root Administrator
That's awesome!

So, basically you could whitelist your IP's (assuming you never have to login from another location)
and then set your blacklist as:
1.0.0.0/2
64.0.0.0/2
128.0.0.0/2
192.0.0.0/2
(FIY: this blocks EVERY Internet IPv4 address)

...and unless someone is able to spoof your IP's, you'll have little worries about hackers to your cPanel.
Cool! :cool:
(Not that I'd necessarily recommend this, but theoretically it could be done.)


On a related note, here's what my blacklist looks like:
(Note: I'm in the sw region of the USA)
Code:
1.0.0.0/2
100.0.0.0/6
104.0.0.0/6
108.0.0.0/6
112.0.0.0/4
128.0.0.0/2
192.0.0.0/2
64.0.0.0/6
71.0.0.0/8
77.0.0.0/8
80.0.0.0/6
93.0.0.0/8
MOST of the entire Internet is blocked with this blacklist...and this list will likely grow.
Really not interested in playing cat & mouse games with hackers trying to crack my cPanel.
Ban them before they even start, I say.

...and if anyone needs a great & simple CIDR Calculator, this is what I use:
http://bonomo.info/coyote/cidr-calculator.php
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
That's awesome!

So, basically you could whitelist your IP's (assuming you never have to login from another location)
and then set your blacklist as:
1.0.0.0/2
64.0.0.0/2
128.0.0.0/2
192.0.0.0/2
(FIY: this blocks EVERY Internet IPv4 address)
I believe you could use:
0.0.0.0/0 :rolleyes:
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
If you're the only one who needs access, why not just close the ports in the firewall? If you use configserver firewall, just close 2086, 2087, 2082, 2083, etc., and put your own IP(s) into csf.allow. IP's in csf.allow bypass closed ports.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

Keep in mind that cPHulk will not block the actual access attempt. It will only prevent successful logins. You may find the "Host Access Control" option a little more useful for what you are seeking:

"WHM Home » Security Center » Host Access Control"

It's documented at:

Host Access Control

Thank you.