Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Googles IP are whitelisted, why and where?

Discussion in 'Security' started by Wabun, Jan 31, 2017.

Tags:
  1. Wabun

    Wabun Well-Known Member

    Joined:
    Oct 6, 2012
    Messages:
    68
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Antwerpen
    cPanel Access Level:
    Root Administrator
    Hi there,

    since 22nd of Jan Google has performed an infrastructure update and many customer accounts are going over their bandwidth because Google is slurping like a mad dog!

    I have added a rule in mod-security to stop google-images but at no effort, it is completely ignored, is cPanel having somewhere their [Google IP nets] white-listed in cPanel, if so where as it is going wrong....

    Any help much appreciated

    Jan 31 15:40:19 lfd[393974]: mod_security (id:150) triggered by 66.249.64.1 - ignored
    Jan 31 15:40:24 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored
    Jan 31 15:40:44 lfd[393974]: mod_security (id:150) triggered by 66.249.64.197 - ignored
    Jan 31 15:42:35 lfd[393974]: mod_security (id:150) triggered by 66.249.64.242 - ignored
    Jan 31 15:42:45 lfd[393974]: mod_security (id:150) triggered by 66.249.64.251 - ignored
    Jan 31 15:44:50 lfd[393974]: mod_security (id:150) triggered by 66.249.64.192 - ignored
    Jan 31 15:45:00 lfd[393974]: mod_security (id:150) triggered by 66.249.64.238 - ignored
    Jan 31 15:45:11 lfd[393974]: mod_security (id:150) triggered by 66.249.76.51 - ignored
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know the specific rule you added and how you added it? Also, are you using any third-party Mod_Security rules (e.g. OWASP)?

    Thank you.
     
  3. Wabun

    Wabun Well-Known Member

    Joined:
    Oct 6, 2012
    Messages:
    68
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Antwerpen
    cPanel Access Level:
    Root Administrator
    Hi,

    This is the rule:
    SecRule HTTP_User-Agent "Googlebot-Image/1.0" " deny,log,status:403,id:'150'"
    No third party installed, just my own rules.

    Just have the feeling that the Updating Common Mail Providers list is playing a role in allowing Google. Grey-listing is disabled to be sure it's not in the way.

    Also stopped and started the firewall, no more ideas....
     
    #3 Wabun, Feb 1, 2017
    Last edited: Feb 1, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The Greylisting feature only affects the Exim service and would not affect the firewall or Mod_Security rules on the system.

    The output you provided in your initial post is from the CSF/LFD application. You can review the /etc/csf/csf.ignore file to see if you have configured LFD to ignore those IP addresses.

    Thank you.
     
  5. Wabun

    Wabun Well-Known Member

    Joined:
    Oct 6, 2012
    Messages:
    68
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Antwerpen
    cPanel Access Level:
    Root Administrator
    Thanks, that file is empty...
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You may also want to review the /etc/csf/csf.allow file. Otherwise, you'd need to review your existing Mod Security rules to see if any of the rules include exceptions for those IP addresses.

    Thank you.
     
  7. Wabun

    Wabun Well-Known Member

    Joined:
    Oct 6, 2012
    Messages:
    68
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Antwerpen
    cPanel Access Level:
    Root Administrator
    Found it, it was in the file

    /etc/csf/csf.rignore
     
    #7 Wabun, Feb 3, 2017
    Last edited: Feb 3, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.
     

Share This Page