
cPHulk IP Questions

Discussion in 'Security' started by OLM, Oct 31, 2014.

  1. OLM

    OLM Member

    Hi Folks,

    First posting here and am relatively new to cPanel so apologies in advance if
    I don't get all the terminology right first time.

    So here's the issue and questions - a few months ago the VPS started receiving
    quite a lot of various login attempts to all services originating from many
    different countries. There are about 15 sites on the VPS and all were getting
    login attempts to the various services.

    I was receiving lots of emails from the cPHulk system and was busily adding them
    to the blacklist.

    As we only log in to the server from two countries I started then to add IP Ranges
    from several countries to the blacklist. This worked well until today when we received
    a few thousand attempts from an IP from a country that wasn't on the blacklist.

    The VPS froze with a load count over 300 and the sites went down eventually.
    Restarted the VPS and blocked the IP - apparently the cPHulk database needed
    repairing and then everything returned to normal.

    So the above got me worried and I am unsure as to whether the number of
    records in the blacklist would be an issue - it currently stands at around
    80,000 records.

    I do want to add some more IP ranges from countries that I haven't yet added
    but am concerned that I shouldn't?

    I didn't want to use the firewall approach as I don't want to block visitors from
    various countries, just block login attempts.

    Any advice appreciated!

    Cheers

    Steve
     
  2. OLM

    OLM Member

    Hi,

    Just an update - have managed to reduce the number of records in the blacklist significantly by
    finding a better structured Country IP list. Have reduced the number from a little over 80,000 IP
    records to just over 26,000.

    This should cover all countries except the two that I need to log in from.

    Anyone see any issue with having 26,000+ records in the IP Blacklist?

    Cheers

    Steve
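
Added example, not part of the original posts and not cPanel's own code: one way a country IP list shrinks is by merging overlapping and adjacent entries into the fewest CIDR blocks before import, then confirming that the addresses you log in from are still outside the result. It assumes the blacklist accepts CIDR notation; the function names and the sample entries (documentation address ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample input in the shapes country lists usually mix:
# single IPs, CIDR blocks and start-end ranges (documentation ranges only).
SAMPLE_ENTRIES = """
198.51.100.0/25
198.51.100.128/25
203.0.113.0-203.0.113.255
203.0.113.17
192.0.2.0/26
192.0.2.64-192.0.2.127
192.0.2.200
# comment line
2001:db8::/33
2001:db8:8000::/33
"""

def parse_entry(entry):
    """Return the networks covered by one list entry (empty for blanks/comments)."""
    entry = entry.split("#", 1)[0].strip()
    if not entry:
        return []
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]

def consolidate(text):
    """Collapse overlapping and adjacent entries into the fewest CIDR blocks."""
    nets = {4: [], 6: []}  # IPv4 and IPv6 must be collapsed separately
    for line in text.splitlines():
        for net in parse_entry(line):
            nets[net.version].append(net)
    merged = []
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses(nets[version]))
    return [str(n) for n in merged]

def still_allowed(addr, blocks):
    """True if addr is not covered by any consolidated block."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in ipaddress.ip_network(b) for b in blocks)
```

Run `still_allowed()` against every address you administer the server from before importing the consolidated list, so a merged block cannot lock you out.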
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    You might do better to use ConfigServer Firewall for this.
    At this link:
    ConfigServer Security & Firewall
    Use your browser to search for this section and see what options you have:
    Country Code Lists and Settings

    Also, read the warnings.
     