Prevent abuse of outgoing traffic for ports 80 and 443

Discussion in 'Security' started by Rodrigo Gomes, Feb 28, 2017.

  1. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    I've created the rule below to protect against abuse on outbound traffic. But I wonder if this rule will not break cPanel in any way?

    Code:
    /sbin/iptables -N OUT_DOS_ATTACK
    /sbin/iptables -A OUTPUT -p tcp -m multiport --dport 80,443 --syn -m connlimit --connlimit-above 50 -j OUT_DOS_ATTACK
    /sbin/iptables -A OUT_DOS_ATTACK -j LOG --log-prefix "OUT_DOS_ATTACK: " --log-level 6
    /sbin/iptables -A OUT_DOS_ATTACK -j DROP
    This rule limits the outbound connections to ports 80 and 443.
    I would appreciate it if anyone knows of a better way to protect outbound traffic, or whether I should add more ports!
     
  2. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    After a few minutes of running this rule, I see this:

    Cpanel IP: 50.115.17.252

    Is there any secure connection limit value or should I abandon this rule?
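
One way to see which destinations the connlimit rule is actually dropping before settling on a limit, as an added example that is not part of the original posts: the function below tallies `OUT_DOS_ATTACK: ` log entries by destination address and port. The sample log lines are constructed, and the log file path is an assumption.

```shell
#!/bin/sh
# Added example: tally which destinations the OUT_DOS_ATTACK chain is dropping.
# Reads iptables LOG lines from the named files, or from stdin if none given.
# Where kernel messages land depends on the syslog setup; /var/log/messages
# is an assumption, not something stated in the thread.
summarize_out_dos() {
    awk '
        /OUT_DOS_ATTACK: / {
            dst = ""; dpt = ""
            # LOG target fields are KEY=VALUE tokens separated by spaces.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/)      dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (dst != "" && dpt != "") hits[dst ":" dpt]++
        }
        END { for (k in hits) printf "%d %s\n", hits[k], k }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines in the kernel LOG target format (documentation IPs).
sample_log() {
    cat <<'EOF'
Mar  1 10:15:02 host kernel: OUT_DOS_ATTACK: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4111 DF PROTO=TCP SPT=45678 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:15:02 host kernel: OUT_DOS_ATTACK: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4112 DF PROTO=TCP SPT=45680 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:15:03 host kernel: OTHER_RULE: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4113 DF PROTO=TCP SPT=45682 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:15:04 host kernel: OUT_DOS_ATTACK: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4114 DF PROTO=TCP SPT=45684 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:15:05 host kernel: OUT_DOS_ATTACK: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4115 DF PROTO=TCP SPT=45686 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Demo on the constructed sample; on a server: summarize_out_dos /var/log/messages
sample_log | summarize_out_dos
```

Destinations that turn out to belong to cPanel update or licensing services are the ones a too-low limit would interfere with.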
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  4. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    Hello Michael!

    Actually, I'm not having issues.
    I made this rule as a preventive measure because I do not want my server to make too many outbound connections.
    I know I need to allow some outbound connections for normal system operation.
    So I'd like to implement a limit that does not break cPanel in any way.

    And I would also like other opinions about this from the community.
    Currently CSF allows the following outbound connections by default:

    That's a lot of ports. Is it really necessary? Can I block some of these outgoing ports or limit the number of connections to them?

    I'm setting up a server that will host many shared websites.
    That way I want to tighten its security to avoid abuses that could harm the reputation of our IP.

    Let me know if I'm being too paranoid, and if it is better to abandon this rule. I would really appreciate another opinion on this subject.
    As always, thank you!
     
    #4 Rodrigo Gomes, Mar 1, 2017
    Last edited: Mar 2, 2017
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
