SOLVED How does blacklisting countries in cphulk work ?

I use both cPHulk and CSF/LFD and there are defiantly differences between the two applications as to where they think an IP comes from.

I know that CSF/LFD use MaxMind GeoLite2 databases, and I personally have set it to update every 14 days.

Now I see eg IPs that LFD thinks is on the UK, being flagged as being in Germany by cPHulk.

I did ask in another post on this forum if cPanel would disclose what geo-location database is being used by cPHulk, and how often it was updated ...... but I don't think it was ever answered.

Don't forget that cPHulk blacklisting (IP or Country) will only block attempts to log in to your server (any of the services) but it does not block the IP from connecting and trying.

 

Hi cPanelMichael

So if I am certain that I only login to the Server from US, so can I safely conclude that I can Blacklist all Countries except US?

If user were to travel overseas to say Austria and that Austria is currently being blacklisted in the Countries Management in cPHulk, can the user currently in Austria able to login with his/her credential into cPanel as well as access to his/her email?

Thanks.

 

It is not only you that would be limited to logins only from the US, but all your customers as well.

cPHulk blocks the following logins

• cPanel services (Port 2083).
• WHM services (Port 2087).
• Mail services (Dovecot and Exim).
• The PureFTPd service.
• Secure Shell (SSH) access.

If you have blocked all country access other than from the US, when your US customer travels to Austria, they would be blocked from logging into any of the services listed above.

Full details from cPHulk Brute Force Protection - Version 74 Documentation - cPanel Documentation

 

Hi rpvw.

Thank you for your detail explanation.