How to stop cPanel cron that adds iptables rules?

Discussion in 'Security' started by Simsim, Oct 3, 2014.

  1. Simsim

    Simsim Member

    Hello all
    (you can directly jump to the problem section below)

    My server has been attacked every day for a long time. After I did comprehensive research I found the problem. They are making DoS attacks from time to time. Unhappy user, spam, I don't know...

    I tried to attack my server myself. It was really surprising how easy it is to break the server. A simple DoS attack tool can keep Apache/PHP busy serving DoS requests until the server becomes unresponsive.

    This is the usual case, right? All famous websites have this problem, and its solution is simple: it is the firewall (iptables in my case) that stops the DoS attack.

    I created my custom iptables rules myself, after comprehensive study of iptables capabilities and testing on my test server, while allowing all the ports needed by cPanel, which are listed on this page:

    Getting the most out of your system's firewall. | cPanel, Inc.

    I made very strong rules, which I am happy to apply: efficient, strong and exactly what my website needs. I don't need the service of CSF or whatever, which is created for general purposes.

    The problem:
    ******************************************
    I want to disable the iptables rules that are injected by cPanel every so often. cPanel inserts these rules via a cron job. I am sure about that because every time I --flush the iptables rules (and put in my rules), cPanel inserts its rules after a while.

    The name of the chain added by cPanel is "acctboth", which causes all my custom protection to cease functioning. I will NOT use ConfigServer. I am very happy with my own rules, which I created after long days of studying/thinking/testing.

    Thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you elaborate further on why you prefer to avoid a firewall management application such as CSF? It's really helpful in ensuring that custom rules are saved and preserved. Also, when making custom iptables rules, are you saving them via the "/etc/init.d/iptables save" command?

    Thank you.
     
  3. Simsim

    Simsim Member

    Thanks for the quick response.

    I know CSF is great, reliable and integrated with cPanel. Anyway, CSF is created for general purposes, while I have custom requirements. Yes, I know I can reconfigure CSF by editing the conf file so I (maybe) can enforce my own iptables rules, but this is really complex, I think.

    For example, in my requirements I depend heavily on the iptables recent module. While I can instruct CSF to utilize the recent capability, I am restricted in what I can add.

    I created my rules so that they enable me to distinguish attacks, dynamically ban IPs that behave strangely or maliciously, white-list myself by using port knocking, and create very sophisticated rules while maintaining an acceptable level of performance, since the recent module is CPU intensive.

    I have to study CSF very well so I can change its behavior exactly as I want. But in that case it is better that I just do NOT use it.

    Actually I have a script (sh file) that, when I run it, does the following:

    1- Deletes all the existing rules and allows everyone
    2- Applies my own iptables rules and chains on the fly

    I don't need to "save" since I can make this script run at startup so all my iptables rules are enforced. And unless iptables is restarting, no one will look at the original iptables conf file.

    This is working great. The only problem is that something is inserting a chain called "acctboth" every few minutes, and this of course happens through the crontab that executes a script just like mine (this is my conclusion), which inserts this chain at the beginning.

    The added chain, acctboth, actually does nothing. It is just allowing everything to come and go without any restriction. That's why it needs to be disabled if anyone wants to enforce his own iptables rules.

    Thanks
     
    #3 Simsim, Oct 3, 2014
    Last edited: Oct 3, 2014
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You can disable the "bandmin" cron jobs using the "crontab -e" command, as it's those cron jobs that add the iptables rules you are referring to. Bandmin is not required, and is provided as an additional application to track traffic from IRC servers, game servers, or other types of servers.

    Thank you.
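
A scriptable version of the advice in the reply above, as an added example that is not part of the thread and not cPanel's own code: it comments out bandmin entries in crontab text and checks `iptables -S` output for the acctboth chain. The crontab lines, the bandmin path placeholder and the MYFILTER chain are constructed sample data.

```shell
# Added example (not from the thread or from cPanel). Sample data is
# constructed: the bandmin path is a placeholder and MYFILTER is a
# hypothetical custom chain.
SAMPLE_CRONTAB='0 6 * * * /usr/local/bin/backup.sh
*/5 * * * * /PLACEHOLDER/path/to/bandmin
# 25 2 * * * /PLACEHOLDER/path/to/bandmin-helper
30 3 * * * /usr/local/bin/rotate-logs.sh'

SAMPLE_RULES='-P INPUT ACCEPT
-N acctboth
-N MYFILTER
-A INPUT -j acctboth
-A INPUT -j MYFILTER'

# Comment out every active crontab line that mentions bandmin.
# stdin: crontab text; stdout: edited crontab. Existing comments and
# unrelated jobs pass through unchanged, so the filter is idempotent.
disable_bandmin() {
  awk '
    /^[ \t]*#/ { print; next }
    /bandmin/  { print "#disabled# " $0; next }
               { print }
  '
}

# Print the number of active (uncommented) bandmin jobs on stdin.
count_active_bandmin() {
  grep -v '^[[:space:]]*#' | grep -c 'bandmin' || true
}

# Succeed if `iptables -S` text on stdin defines or jumps to acctboth.
has_acctboth() {
  grep -Eq '^-N acctboth$|-j acctboth( |$)'
}

# Dry run on the constructed samples.
printf '%s\n' "$SAMPLE_CRONTAB" | disable_bandmin
printf '%s\n' "$SAMPLE_RULES" | has_acctboth && echo "acctboth present"

# On a live server (as root), review the filtered crontab before installing:
#   crontab -l | disable_bandmin > /root/crontab.new
#   diff <(crontab -l) /root/crontab.new
#   crontab /root/crontab.new
#   iptables -S | has_acctboth && echo "acctboth still loaded"
```

Disabling the cron job only stops the chain from being re-added; a chain that is already loaded stays until the rules are flushed and reapplied, which is what the `has_acctboth` check confirms.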
     
  5. Simsim

    Simsim Member

    Thank you very much
     