The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How can I permanently block IP?

Discussion in 'Security' started by Forcerdj, Jun 25, 2015.

  1. Forcerdj

    Forcerdj Well-Known Member

    Joined:
    Nov 30, 2009
    Messages:
    60
    Likes Received:
    1
    Trophy Points:
    8
    I know this functionality exists in CSF but when server gets hit with distributed email attack it could be hundreds of IPs every minute, CSF blocks them but doesn't take long to hit the limit which would unblock them again.

    Increasing the limit won't do much because there is just too many IPs, any limit will be hit rather quickly.

    Is there a way I can permanently block these IPs?
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    The chances are that these are zombies, which like a virus will propogate, so blocking them permanently would be a wasted effort.
    Besides If there are too many IP's then how would you know which ones to permanently block.
    Personally, I'd increase the block count in CSF until they go away.
    or if you can see a country pattern, use a Country Code block for a day or two.
     
    #2 keat63, Jun 26, 2015
    Last edited: Jun 26, 2015
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Your answer is in the documentation of csf.deny:

    # Note: If you add the text "do not delete" to the comments of an entry then
    # DENY_IP_LIMIT will ignore those entries and not remove them

    Simply append 'do not delete' somewhere on the deny line, i.e.
    Code:
    123.123.123.123 # do not delete
    
     
  4. Mangoose

    Mangoose Member

    Joined:
    Aug 5, 2014
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Are you not actually doing that 'do not delete' by adding an IP to the blacklist in the
    cPHulk Brute Force Protection
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    cPHulk and CSF are two separate entities. Not everyone that uses CSF enables cPHulk, but yes it's true you can add an IP address to the black list in cPHulk if you want to block it in cPHulk permanently..

    Thank you.
     
Loading...

Share This Page