cPHulk Deny Order Question

[Mike01]

Hello, Just a simple question about cPHulk (which seems to be awesome, by the way)...

Is the IP Block configuration designated as:

Deny,Allow ...or... Allow,Deny ?

In other words, supposed I Blacklist: 70.0.0.0/8
...and suppose my IP is Whitelisted: 70.26.18.6

Will I be able to log in? (I'm too afraid to test it )

...or is the Blacklist obeyed regardless of the whitelist?

Thanks!
-Mike

 

[quizknows]

I just tested, if you do as you say, you'll be fine. Whitelist over-rode a CIDR block in the blacklist.

BTW, if you're still worried, you can do this to clear the blacklist out completely:

SSH in as root
mysql cphulkd
delete from blacklist ;
\q

 

[Mike01]

That's awesome!

So, basically you could whitelist your IP's (assuming you never have to login from another location)
and then set your blacklist as:
1.0.0.0/2
64.0.0.0/2
128.0.0.0/2
192.0.0.0/2
(FIY: this blocks EVERY Internet IPv4 address)

...and unless someone is able to spoof your IP's, you'll have little worries about hackers to your cPanel.
Cool!
(Not that I'd necessarily recommend this, but theoretically it could be done.)


On a related note, here's what my blacklist looks like:
(Note: I'm in the sw region of the USA)

1.0.0.0/2
100.0.0.0/6
104.0.0.0/6
108.0.0.0/6
112.0.0.0/4
128.0.0.0/2
192.0.0.0/2
64.0.0.0/6
71.0.0.0/8
77.0.0.0/8
80.0.0.0/6
93.0.0.0/8

MOST of the entire Internet is blocked with this blacklist...and this list will likely grow.
Really not interested in playing cat & mouse games with hackers trying to crack my cPanel.
Ban them before they even start, I say.

...and if anyone needs a great & simple CIDR Calculator, this is what I use:
http://bonomo.info/coyote/cidr-calculator.php

 

[quietFinn]

That's awesome!

So, basically you could whitelist your IP's (assuming you never have to login from another location)
and then set your blacklist as:
1.0.0.0/2
64.0.0.0/2
128.0.0.0/2
192.0.0.0/2
(FIY: this blocks EVERY Internet IPv4 address)

I believe you could use:
0.0.0.0/0

 

[quizknows]

If you're the only one who needs access, why not just close the ports in the firewall? If you use configserver firewall, just close 2086, 2087, 2082, 2083, etc., and put your own IP(s) into csf.allow. IP's in csf.allow bypass closed ports.

 

[Mike01]

I believe you could use:
0.0.0.0/0

Hmmm... I'm not sure if /0 is allowed.
The CIDR tool doesn't allow it, says must be >0
But that doesn't mean it's not allowable.

 

[cPanelMichael]

Hello

Keep in mind that cPHulk will not block the actual access attempt. It will only prevent successful logins. You may find the "Host Access Control" option a little more useful for what you are seeking:

"WHM Home » Security Center » Host Access Control"

It's documented at:

Host Access Control

Thank you.