The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPHulk Deny Order Question

Discussion in 'Security' started by Mike01, Jun 28, 2013.

  1. Mike01

    Mike01 Member

    Joined:
    Jun 10, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello, Just a simple question about cPHulk (which seems to be awesome, by the way)...

    Is the IP Block configuration designated as:

    Deny,Allow ...or... Allow,Deny ?

    In other words, supposed I Blacklist: 70.0.0.0/8
    ...and suppose my IP is Whitelisted: 70.26.18.6

    Will I be able to log in? (I'm too afraid to test it :eek: )

    ...or is the Blacklist obeyed regardless of the whitelist?

    Thanks!
    -Mike
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I just tested, if you do as you say, you'll be fine. Whitelist over-rode a CIDR block in the blacklist.

    BTW, if you're still worried, you can do this to clear the blacklist out completely:

    SSH in as root
    mysql cphulkd
    delete from blacklist ;
    \q
     
  3. Mike01

    Mike01 Member

    Joined:
    Jun 10, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    That's awesome!

    So, basically you could whitelist your IP's (assuming you never have to login from another location)
    and then set your blacklist as:
    1.0.0.0/2
    64.0.0.0/2
    128.0.0.0/2
    192.0.0.0/2
    (FIY: this blocks EVERY Internet IPv4 address)

    ...and unless someone is able to spoof your IP's, you'll have little worries about hackers to your cPanel.
    Cool! :cool:
    (Not that I'd necessarily recommend this, but theoretically it could be done.)


    On a related note, here's what my blacklist looks like:
    (Note: I'm in the sw region of the USA)
    Code:
    1.0.0.0/2
    100.0.0.0/6
    104.0.0.0/6
    108.0.0.0/6
    112.0.0.0/4
    128.0.0.0/2
    192.0.0.0/2
    64.0.0.0/6
    71.0.0.0/8
    77.0.0.0/8
    80.0.0.0/6
    93.0.0.0/8
    
    MOST of the entire Internet is blocked with this blacklist...and this list will likely grow.
    Really not interested in playing cat & mouse games with hackers trying to crack my cPanel.
    Ban them before they even start, I say.

    ...and if anyone needs a great & simple CIDR Calculator, this is what I use:
    http://bonomo.info/coyote/cidr-calculator.php
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    I believe you could use:
    0.0.0.0/0 :rolleyes:
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    If you're the only one who needs access, why not just close the ports in the firewall? If you use configserver firewall, just close 2086, 2087, 2082, 2083, etc., and put your own IP(s) into csf.allow. IP's in csf.allow bypass closed ports.
     
  6. Mike01

    Mike01 Member

    Joined:
    Jun 10, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hmmm... I'm not sure if /0 is allowed.
    The CIDR tool doesn't allow it, says must be >0
    But that doesn't mean it's not allowable.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Keep in mind that cPHulk will not block the actual access attempt. It will only prevent successful logins. You may find the "Host Access Control" option a little more useful for what you are seeking:

    "WHM Home » Security Center » Host Access Control"

    It's documented at:

    Host Access Control

    Thank you.
     
Loading...

Share This Page