The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Looking for a way to do CC lookups on the fly?

Discussion in 'Security' started by jols, Feb 15, 2013.

  1. jols

    jols Well-Known Member

    Mar 13, 2004
    Likes Received:
    Trophy Points:
    The result I am needing here is to use a command like:
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    ... then to have each IP in the list coupled with a country code. This is so I could see at a glance if we have IPs hitting the server from Vietnam, Russia, China, etc.

    Does anyone know of such a method or script command that CSF would pull up this kind of a listing on-the-fly?

    By the way, we do use CSF and I know CSF uses geo lookups. But I am not sure how to combine this feature with a netstat-line readout like the above.

    Otherwise, I am hesitant to install Maxmind's geo lookup tool because it would seem to slow down the server with geolookups on all connections to the server. So I'm just hoping for a netstat-like readout with geolookups on the fly, but only for the IPs which are currently hitting the server.

  2. georgeb

    georgeb Well-Known Member

    May 23, 2010
    Likes Received:
    Trophy Points:
    Montreal, QC, Canada
    cPanel Access Level:
    Root Administrator
    I am using GeoIP.dat database and mod_geoip and nothing is slowing down. (GeoIP.dat from MaxMind). Using CC from CSF will load the server pulling out all the ip's. I can easy do a redirect or give a 403 to any ip from high risk countries, or to block in CSF.

    George B.
    #2 georgeb, Feb 15, 2013
    Last edited: Feb 15, 2013
  3. cPanelJamyn

    cPanelJamyn Social Engineer
    Staff Member

    Jan 29, 2009
    Likes Received:
    Trophy Points:
    As georgeb noted, mod_geoip should not slow down your server. It doesn't query a remote database - it uses a local db for lookups, and you can optionally cache the entire thing in memory. Using mod_geoip (Docs) would be more reliable and likely much faster than a custom-made solution.

Share This Page