Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Disable lfd email alerts for whitelisted IP?

Discussion in 'General Discussion' started by USA_Webmaster, Oct 30, 2018.

Tags:
  1. USA_Webmaster

    USA_Webmaster Well-Known Member

    Joined:
    Dec 10, 2015
    Messages:
    48
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I was trying to reply to this thread but forums locked old post -- Viewing Successful Root Login Log

    ---

    Hey @cPanelMichael :-D

    I just checked WHM >> cPHulk Brute Force Protection Whitelist Management tab for VPS WHMCS IP and it's already listed. Why am I still getting email alert lfg WHM/cPanel root access alert from the whitelisted IPs? In the Configuration Settings tab I scroll to very bottom, and all three checkboxes are checked.

    Am I not understanding something correctly? I do not wish to receive lfd email alert from whitelisted IP root logins. Should I uncheck those email boxes, save and restart lfd and cPHulk services?

    I'm not using gmail for email alerts, just the self hosted email account that is hosted on the same WHM/cPanel server.

    1. Send a notification upon successful root login when the IP address is not on the whitelist
    2. Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock
    3. Send a notification when the system detects a brute force user

    Thanks for your attention,

    p.s. - I SSH grep "root" /usr/local/cpanel/logs/access_log and everything looks just fine... now... to just get rid of LFD email alerts... :rolleyes:
     
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,337
    Likes Received:
    139
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    This is not coming from cPanel. It's coming from your lfd configuration. Open the firewall config and look for the ssh alert setting
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    USA_Webmaster likes this.
  3. USA_Webmaster

    USA_Webmaster Well-Known Member

    Joined:
    Dec 10, 2015
    Messages:
    48
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Thanks for rapid response and attention buddy...

    So your saying that both CSF LFD & cPHulk do the same job in somethings... like alerts in this case? Is one service better than the other... or more superior?

    Home » Plugins » ConfigServer Security & Firewall and I clicked Firewall Configuration than click "off" and saved + restarted. Will cPHulk still notify me if I have a security breach in the future? Like someone logs into root NOT on the whitelisted IP?

    - Removed -
     
    #3 USA_Webmaster, Oct 30, 2018
    Last edited by a moderator: Oct 30, 2018
  4. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,337
    Likes Received:
    139
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    We generally turn off CPHulk when we are using LFD because by and large they overlap a lot. The setting in LFD to turn those notices off is

    LF_SSH_EMAIL_ALERT = "0"

    However, it does not discriminate between whitelisted IPs or not. The notices are either on or off.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @USA_Webmaster,

    cPHulk and CSF/LFD are two separate applications. cPHulk is included as part of cPanel & WHM and is used to help prevent brute force attacks on the system. CSF/LFD is a third-party firewall management application. There is some overlap, but CSF/LFD performs more than just brute force detection. You can see all of it's features at:

    ConfigServer Security & Firewall (csf)

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    USA_Webmaster likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice