NixTree
Well-Known Member
I recommend CSF as it works pretty well than fail2ban and designed to work fine with cPanel.
Last edited:
As mentioned above, if you are using cPanel, then csf would be better because you can manage it graphically from WHM>>Plugins. Fail2ban is also good for cPanel servers if you know how to use commands via shell. Fail2ban now include monitoring of log files for almost all services.
Cheers!!!
Cheers!!!
I use CSF and Fail2Ban together all the time. All you need to do is create an action for Fail2Ban that feeds <host> to CSF and let CSF do all the rule writing. Here's what I use:
/etc/fail2ban/action.d/csf-ip-deny.conf:
Then in your jail.conf just put something like this:
For most things it's pointless, since LFD does a nice job of watching the major things that people use Fail2Ban for; but for custom actions and filters it's pretty nice to have them work in tandem.
/etc/fail2ban/action.d/csf-ip-deny.conf:
Code:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = csf -d <ip> Added by Fail2Ban for <name>
actionunban = csf -dr <ip>
[Init]
name = default
Code:
[exim]
enabled = true
filter = exim
action = csf-ip-deny[name=exim]
sendmail-whois[name=exim]
logpath = /var/log/exim_mainlog
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| M | Very high CPU loads from brute force attempts - CSF/LFD | Security | 14 | |
| S | CSF TCP Ports | Security | 3 | |
|
csf does not BAN ip for all rules. some rules just blocked on modsec, other rules ban IP | Security | 7 | |
| D | CSF keeps blocking IP addresses of customers. | Security | 8 | |
|
CSF, WPFail2Ban, Litespeed | Security | 2 |