Disable lfd email alerts for whitelisted IP?

USA_Webmaster

USA_Webmaster

Well-Known Member
Dec 10, 2015
68
12
58
USA
cPanel Access Level
Root Administrator
I was trying to reply to this thread but forums locked old post -- Viewing Successful Root Login Log

---

Hey @cPanelMichael :-D

I just checked WHM >> cPHulk Brute Force Protection Whitelist Management tab for VPS WHMCS IP and it's already listed. Why am I still getting email alert lfg WHM/cPanel root access alert from the whitelisted IPs? In the Configuration Settings tab I scroll to very bottom, and all three checkboxes are checked.

Am I not understanding something correctly? I do not wish to receive lfd email alert from whitelisted IP root logins. Should I uncheck those email boxes, save and restart lfd and cPHulk services?

I'm not using gmail for email alerts, just the self hosted email account that is hosted on the same WHM/cPanel server.

1. Send a notification upon successful root login when the IP address is not on the whitelist
2. Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock
3. Send a notification when the system detects a brute force user

Thanks for your attention,

p.s. - I SSH grep "root" /usr/local/cpanel/logs/access_log and everything looks just fine... now... to just get rid of LFD email alerts... :rolleyes:
 
GOT

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,774
328
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
This is not coming from cPanel. It's coming from your lfd configuration. Open the firewall config and look for the ssh alert setting
 
  • Like
Reactions: USA_Webmaster
USA_Webmaster

USA_Webmaster

Well-Known Member
Dec 10, 2015
68
12
58
USA
cPanel Access Level
Root Administrator
Thanks for rapid response and attention buddy...

So your saying that both CSF LFD & cPHulk do the same job in somethings... like alerts in this case? Is one service better than the other... or more superior?

Home » Plugins » ConfigServer Security & Firewall and I clicked Firewall Configuration than click "off" and saved + restarted. Will cPHulk still notify me if I have a security breach in the future? Like someone logs into root NOT on the whitelisted IP?

- Removed -
 
Last edited by a moderator:
GOT

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,774
328
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
We generally turn off CPHulk when we are using LFD because by and large they overlap a lot. The setting in LFD to turn those notices off is

LF_SSH_EMAIL_ALERT = "0"

However, it does not discriminate between whitelisted IPs or not. The notices are either on or off.
 
  • Like
Reactions: cPanelMichael
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello @USA_Webmaster,

cPHulk and CSF/LFD are two separate applications. cPHulk is included as part of cPanel & WHM and is used to help prevent brute force attacks on the system. CSF/LFD is a third-party firewall management application. There is some overlap, but CSF/LFD performs more than just brute force detection. You can see all of it's features at:

ConfigServer Security & Firewall (csf)

Thank you.
 
  • Like
Reactions: USA_Webmaster
E

eugenevdm.host

Well-Known Member
Oct 21, 2019
81
11
8
Cape Town
cPanel Access Level
DataCenter Provider
Bump?

@cPanelLauren I would like some official feedback about running multiple firewalls and WHM as it seems redundant and more complex and unscalable if you're running many accounts.

Does GoDaddy use CSF, anyone knows? That is a scalable business and by all accounts they can't be on the phones the whole asking people what their IPs are and unblocking them.
 
cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
15,261
2,432
363
cPanel Access Level
Root Administrator
Hey there, @eugenevdm.host

Previously when this has come up we have always recommended running both:

forums.cpanel.net

SOLVED - cPHulk with CSF?

I want to make 2 questions: 1- Is good tactic to have both cPHulk and CSF enable? I setup csf to block SMTP, IMAP, POP3 attempts! So is good choice to have also cPHulk run? 2- If cPHulk blogs a bruteforce attack for an email is possible no one (include legitimate users) can't login to emails...
forums.cpanel.net forums.cpanel.net
forums.cpanel.net

SOLVED - Using cPHulk and CSF Together?

Decided to turn on CpHulk today as we just used CSF mainly and found cpHulk blocking some brute force attacks that CSF is not finding. Looks like it improved alot. Do you guys recommend we still stick with CSF and just find the cause or is using both better now? or just cphulk Lastly here is...
forums.cpanel.net forums.cpanel.net
forums.cpanel.net

More about using cPhulk with CSF/LFD together

Quoting from an old thread that can no longer accept new posts at SOLVED - Using cPHulk and CSF Together? Naaa just started it. No changes whatsoever. I'm thinking of adding this to command text "csf --tempdeny %remote_ip% 3600" Then when bruteforce is picked up with Cphulk it does not block...
forums.cpanel.net forums.cpanel.net

I'd recommend both even though there is a bit of overlap, but it's really personal preference.

And yes, after working at a hosting provider for many years before I came to cPanel, I promise there are many, many "please unblock my IP" calls :D
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
U How to access WHM panel with Disabled root user Security 5
B AutoSSL / Wildcard / Error? / Can't Disable Request? Security 16
B How to disable annoying Imunify::Generic emails in WHM 108? Security 9
knightmare Disable all LFD notifications? Security 5
N How to disable send an email: lfd on server: Suspicious process running under user Security 3
Similar threads
How to access WHM panel with Disabled root user
AutoSSL / Wildcard / Error? / Can't Disable Request?
How to disable annoying Imunify::Generic emails in WHM 108?
Disable all LFD notifications?
How to disable send an email: lfd on server: Suspicious process running under user
Top Bottom