More about using cPhulk with CSF/LFD together

Quoting from an old thread that can no longer accept new posts at SOLVED - Using cPHulk and CSF Together?

I know this is an old topic, but I've just recently decided to try keeping cPhulk enabled along with CSF/LFD (I've always had it disabled, thinking that there might be some conflict and not wanting to take the chance).

So @sahostking - I'm just wondering if this configuration is still working well for you, and if adding:

Code:

csf --tempdeny %remote_ip% 3600

to your cPhulk command text is all you needed to do to get the results you want, without further modification.

I was going to PM @sahostking but it looks like they have PM's disabled, so I'm bringing this old topic back up instead, hoping you might have a moment to provide a little more feedback on your experience of using cPhulk and CSF/LFD simultaneously.

Thanks very much for any input, from anyone!

 

Thank you very much for the response / feedback.

The main thing I want to avoid is ending up with duplicate entries for blocks in iptables, but also I'm trying to make sure things are configured so that the more powerful features / alerts from CSF/LFD which help identify the reason for a block continue to work that way. I understand that cPhulk has much improved over the years and is beneficial, and basically just don't want it stepping on CSF's toes so to speak. (I also want to avoid entire company accounts from getting blocked from their email over a remote attack of course).

So since I consider CSF/LFD my "main" line of defense and method for getting the detailed info I need about specific block reasons and attacker info etc... I've configured cPhulk as follows:

Username-based Protection - DISABLED (since apparently remote attacks can cause legitimate users from being blocked from their email access).

IP Address-based Protection - ENABLED (10 minutes, 7 failures since CSF is set to 5) and DISABLED the "Block IP addresses at the firewall level" , since again I perceive that to be CSF/LFD's main purpose.

Maximum Failures per IP Address before the IP Address is Blocked for One Day - set to 20, no command text, and DISABLED the "Block IP addresses at the firewall level" for same reasons mentioned above.

If I'm thinking correctly - this should allow the main benefits of cPhulk to exist and work, but without interfering with my CSF/LFD settings or it doing it's job the way it normally would.

If I'm assuming anything incorrect with the above settings I'd like to know.

I'm really open to all opinions on this topic because cPhulk is new territory for me, as I've had it disabled and only used CSF/LFD/CXS for many years now.

Thanks for any further input from anyone, much appreciated.

 

Thank you for the feedback @cPanelLauren , every little bit is helpful.