How to Find the IP Blocked by the Firewall in WHM?

ccw

Registered
Apr 20, 2019
2
0
1
China
cPanel Access Level
Root Administrator
Hi,

If an IP is blocked by the firewall on the server. How can I know the specific IP address being blocked in the web-based WHM system?

Thanks
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,743
306
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
No indication what firewall it is?

In shell you can run

iptables --list --numeric |grep DROP

And that should give you a list of blocked ips regardless of which control software is running.
 

RoseHosting

Member
PartnerNOC
Jan 3, 2003
21
2
153
You can run this command:

iptables -nvL | grep 1.2.3.4

Replace 1.2.3.4 with the actual IP address you want to find.
 

DallasClarke

Member
Nov 7, 2020
10
0
1
Australia
cPanel Access Level
Root Administrator
Hi CpanelLauren,
I have been using CSF for a while now, and I only see 219 IP's blocked.
I am disappointed that CSF is not permanently blocking them.
Firewall Deny IPs, only shows today's blocked IPs.
Where are the rest of the blocked IPs gone?
 

DallasClarke

Member
Nov 7, 2020
10
0
1
Australia
cPanel Access Level
Root Administrator
OK I had to go to /etc/csf/csf.conf file and change settings there.
Wont hold any changed settings in cpanel.

Set to 0 to disable limiting
DENY_TEMP_IP_LIMIT = 0
DENY_IP_LIMIT = 0
 
Last edited:

DallasClarke

Member
Nov 7, 2020
10
0
1
Australia
cPanel Access Level
Root Administrator
A website like mine has 100's of cyber attacks daily.
Wish CSF was able to handle more IP's instead of reaching a limit then just deleting older IP's in the system.
I would not keep getting attcked if CSF did its job permanently blocking IP's without a limit.
I have changed it to no limit, but I still do not trust CSF to hold up to it, in practice.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,977
376
213
cPanel Access Level
Root Administrator
@DallasClarke - sorry to hear about those issues! When a thread is more than a year old it's likely best to make your own to make sure it gets seen by the most people.

If you are frequently seeing a large number of IPs being blocked, it might be better to block with country codes rather than expand the deny list. I also recommend reaching out to CSF directly through their support team or their forums at ConfigServer Community Forum - Index page to get more specific details on that and interact with their developers.
 

dbltoe

Registered
Oct 26, 2010
1
2
50
@DallasClarke - You did fine with the DENY_IP_LIMIT to zero. However, setting DENY_TEMP_IP_LIMIT to zero turns off the whole process. That's why it wasn't working for you.
Looks like CSF settings have disappeared in cpanel after I edited and replaced csf.config
IP LIMITS settings have not changed either.
"Enable login failure detection daemon (lfd). If set to 0 none of the
following settings will have any effect as the daemon won't start. "