Disable lfd email alerts for whitelisted IP?

USA_Webmaster

Well-Known Member
Dec 10, 2015
49
5
8
USA
cPanel Access Level
Root Administrator
I was trying to reply to this thread but forums locked old post -- Viewing Successful Root Login Log

---

Hey @cPanelMichael :-D

I just checked WHM >> cPHulk Brute Force Protection Whitelist Management tab for VPS WHMCS IP and it's already listed. Why am I still getting email alert lfg WHM/cPanel root access alert from the whitelisted IPs? In the Configuration Settings tab I scroll to very bottom, and all three checkboxes are checked.

Am I not understanding something correctly? I do not wish to receive lfd email alert from whitelisted IP root logins. Should I uncheck those email boxes, save and restart lfd and cPHulk services?

I'm not using gmail for email alerts, just the self hosted email account that is hosted on the same WHM/cPanel server.

1. Send a notification upon successful root login when the IP address is not on the whitelist
2. Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock
3. Send a notification when the system detects a brute force user

Thanks for your attention,

p.s. - I SSH grep "root" /usr/local/cpanel/logs/access_log and everything looks just fine... now... to just get rid of LFD email alerts... :rolleyes:
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,569
221
343
Chesapeake, VA
cPanel Access Level
DataCenter Provider
This is not coming from cPanel. It's coming from your lfd configuration. Open the firewall config and look for the ssh alert setting
 
  • Like
Reactions: USA_Webmaster

USA_Webmaster

Well-Known Member
Dec 10, 2015
49
5
8
USA
cPanel Access Level
Root Administrator
Thanks for rapid response and attention buddy...

So your saying that both CSF LFD & cPHulk do the same job in somethings... like alerts in this case? Is one service better than the other... or more superior?

Home » Plugins » ConfigServer Security & Firewall and I clicked Firewall Configuration than click "off" and saved + restarted. Will cPHulk still notify me if I have a security breach in the future? Like someone logs into root NOT on the whitelisted IP?

- Removed -
 
Last edited by a moderator:

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,569
221
343
Chesapeake, VA
cPanel Access Level
DataCenter Provider
We generally turn off CPHulk when we are using LFD because by and large they overlap a lot. The setting in LFD to turn those notices off is

LF_SSH_EMAIL_ALERT = "0"

However, it does not discriminate between whitelisted IPs or not. The notices are either on or off.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,917
2,248
363
Hello @USA_Webmaster,

cPHulk and CSF/LFD are two separate applications. cPHulk is included as part of cPanel & WHM and is used to help prevent brute force attacks on the system. CSF/LFD is a third-party firewall management application. There is some overlap, but CSF/LFD performs more than just brute force detection. You can see all of it's features at:

ConfigServer Security & Firewall (csf)

Thank you.
 
  • Like
Reactions: USA_Webmaster