NixTree
Well-Known Member
I recommend CSF as it works pretty well than fail2ban and designed to work fine with cPanel.
Last edited:
As mentioned above, if you are using cPanel, then csf would be better because you can manage it graphically from WHM>>Plugins. Fail2ban is also good for cPanel servers if you know how to use commands via shell. Fail2ban now include monitoring of log files for almost all services.
Cheers!!!
Cheers!!!
I use CSF and Fail2Ban together all the time. All you need to do is create an action for Fail2Ban that feeds <host> to CSF and let CSF do all the rule writing. Here's what I use:
/etc/fail2ban/action.d/csf-ip-deny.conf:
Then in your jail.conf just put something like this:
For most things it's pointless, since LFD does a nice job of watching the major things that people use Fail2Ban for; but for custom actions and filters it's pretty nice to have them work in tandem.
/etc/fail2ban/action.d/csf-ip-deny.conf:
Code:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = csf -d <ip> Added by Fail2Ban for <name>
actionunban = csf -dr <ip>
[Init]
name = default
Code:
[exim]
enabled = true
filter = exim
action = csf-ip-deny[name=exim]
sendmail-whois[name=exim]
logpath = /var/log/exim_mainlog
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| G | CSF's CC_ALLOW_FILTER blocking cURL | Security | 1 | |
| G | LFD keeps failing, now I see that /usr/sbin/csf and lfd have been modified | Security | 4 | |
| J | CSF csf.pignore syntax for suspicious process | Security | 4 | |
| W | csf.pignore - ignore a wget command | Security | 1 | |
|
CSF, WPFail2Ban, Litespeed | Security | 2 |