The Community Forums


csf configuration?

Discussion in 'General Discussion' started by Zion Ahead, Feb 24, 2007.

  1. Zion Ahead

    Zion Ahead Well-Known Member

    My environment:

    cpanel / whm
    shared and reseller accounts (300+ domains)
    secure only ports for cpanel/whm/webmail

    Problem:

    Seems like too often people get blocked out of firewall for ftp, webmail, pop3 or webmail. I'm not sure what to do without sacrificing good security measures.

    Attached is my configuration for CSF (chirpy's firewall)
     

    Attached Files: csf.txt (21.6 KB)
  2. linux-image

    linux-image Well-Known Member

    Hopefully I am right:

    # Enable login failure detection of cpanel, webmail and whm connections. This
    # will only work for access to non-secure ports as cPanel doesn't know the IP
    # address of the user when connection over SSL due to the way stunnel works
    LF_CPANEL = "5"

    Increase this value, but this is no solution, only a compromise.
     
  3. verdon

    verdon Well-Known Member

    If it's mostly users who can't remember their passwords and continually hammer away with guesses... well, the csf/lfd is doing what it is supposed to and the users need educating. If some of them have fixed IPs, you could add them to the ignore/allow lists.
     
  4. chirpy

    chirpy Well-Known Member

    Educate them is the best bet. Tell them that if they repeatedly use the wrong password they look like hackers to the server.
     
  5. bmcpanel

    bmcpanel Well-Known Member

    I agree. Err on the side of caution. Once this happens to a customer once or twice, they usually learn to not do it again. :)
     
  6. verdon

    verdon Well-Known Member

    Especially if you make them wait half a day or so before you release the block ;)
     
  7. bmcpanel

    bmcpanel Well-Known Member

    Exactly. :)
     
  8. SageBrian

    SageBrian Well-Known Member

    Even that doesn't work for some. It's when the bill goes out for 'extra tech support' that they start to think twice. Or they put pressure on the mitten handed wonders who can't type their password correctly. When they complain about the charge, I simply point out that the first few times were no charge, but the other 20 times for the week were a bit much.
     
  9. procam

    procam Well-Known Member

    Autopilot

    I continue to get blocked by one of my own servers even though my IP is in the allow list. If I get going clicking too fast in my autopilot software, BAM, the server blocks me for having too many connections :( Why does it do this even though my IP is in the allow list, and what can I do to prevent it?
     
  10. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Because you should be listing it in csf.ignore

    lfd = csf.ignore (which is blocking you)
    csf = csf.allow (allowed IPs in iptables, not used by lfd)
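
A quick way to audit the csf.allow / csf.ignore split described in the last reply, as an added example that is not part of the original thread or of csf itself: it lists plain address entries that are in the allow list but missing from the ignore list. The function names and sample addresses are constructed, and the file format (one entry per line, `#` comments, `|`-separated advanced filters, `Include` lines) is an assumption.

```shell
#!/bin/sh
# Added example (not from csf): find addresses that csf allows through
# iptables (csf.allow) but that lfd can still block because they are not
# listed in csf.ignore. Matching is by exact string, so an IP covered only
# by a CIDR range in csf.ignore is still reported.

# Print the plain IP/CIDR entries of a csf list file, one per line, sorted.
# Assumed format: '#' starts a comment; advanced filter lines contain '|';
# 'Include' lines pull in other files and are skipped here.
csf_entries() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' "$1" |
        grep -v -e '^$' -e '|' -e '^Include' |
        LC_ALL=C sort -u
}

# Print entries present in $1 (allow list) but absent from $2 (ignore list).
allowed_not_ignored() {
    allow_tmp=$(mktemp) && ignore_tmp=$(mktemp) || return 1
    csf_entries "$1" > "$allow_tmp"
    csf_entries "$2" > "$ignore_tmp"
    LC_ALL=C comm -23 "$allow_tmp" "$ignore_tmp"
    rm -f "$allow_tmp" "$ignore_tmp"
}

# Run the check on constructed sample files (documentation address ranges).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample allow list' \
        '192.0.2.10 # office' \
        '198.51.100.7' \
        'tcp|in|d=22|s=203.0.113.5' > "$d/csf.allow"
    printf '%s\n' '# constructed sample ignore list' \
        '127.0.0.1' \
        '198.51.100.7 # monitoring' > "$d/csf.ignore"
    allowed_not_ignored "$d/csf.allow" "$d/csf.ignore"
    rm -rf "$d"
}

# As a script: sh check.sh /etc/csf/csf.allow /etc/csf/csf.ignore
if [ "$#" -eq 2 ]; then
    allowed_not_ignored "$1" "$2"
fi
```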
     