
Problem with cpanel license

Discussion in 'Security' started by raicabogdan, Sep 3, 2010.

  1. raicabogdan

    raicabogdan Member

    Joined:
    May 28, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,
    I have cPanel/WHM installed on one server and I have a problem with one user (or so I think). He is trying to hack the server; the thing is, I have blocked more than 40 IPs so far. The problem still persists.
    I've installed mod_security and csf firewall and the problem is almost solved; however, I want to deny all access except my IP from the main IP of the server.

    I did that from the csf deny server IPs, but doing this will cause the cpanel license to :
    Can someone provide a better explanation on how to do this?

    Thank you.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    What problem exactly?

    Good call.

    Why, if you don't mind me asking?

    Do what, get the server's IP licensed?
     
  3. raicabogdan

    Thanks for your interest.

    The problem is that he is trying to hack the WHM/cPanel server.

    Here is just a portion of the apache log.

    Code:
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/w00tw00t.at.blackhats.romanian.anti-sec:)
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/scripts
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/w00tw00t.at.blackhats.romanian.anti-sec:)
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/scripts
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/scripts
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    [Thu Sep 02 13:57:08 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    [Thu Sep 02 13:57:09 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    [Thu Sep 02 13:57:09 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    [Thu Sep 02 13:57:09 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    [Thu Sep 02 13:57:09 2010] [error] [client 213.142.139.152] File does not exist: /usr/local/apache/htdocs/admin
    I know I shouldn't have any problems since the error status is 404, file not found, but last week the PHP configuration was all messed up. I had to recompile Apache to get things back.

    I was thinking that if I can block all access to the main server except my IP, the problem with this user will be solved.

    Yes, I want to get the IP server licensed but I'm not sure what I'm doing wrong.

    In csf, at lfd Dynamic DNS I have:
    Code:
    rdate.cpanel.net
    layer2.cpanel.net
    rsync.cpanel.net
    httpupdate.cpanel.net
    cpanel.net
    layer1.cpanel.net
    Any ideas?
    Thanks
     
  4. raicabogdan

    One moderator, please check the moderation page and if all is ok, please approve my previous post.

    Thanks
     
  5. Infopro

    That snip of your logs shows a bot, probably, scanning your server for things it can mess with, basically. And, while this is annoying, making sure you're protected is pretty much all you can do for this.

    You would never have anything installed here:
    /usr/local/apache/htdocs/

    As for CSF, what you're doing is wrong there. Dynamic DNS is for a specific need, say a home server running CSF on webmin as one example. On your live server with a public IP you wouldn't be using that Dynamic DNS tool.

    In CSF there's this note you'll want to know about:

    "If you do not want lfd to block an IP address you must add it to csf.ignore"

    So, you'd scroll down the main page of CSF to the bottom where it says "Edit LFD Ignore File", select csf.ignore - IP Blocking and click edit.

    All IPs, not domain names, will be ignored completely if added here.

    Be sure to restart the firewall after editing.
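
Added example, not part of the original posts: one way to triage an Apache error log like the excerpt in this thread, grouping "File does not exist" entries by client so that a scanning bot stands out from ordinary 404s. The sample lines are constructed in the thread's log format with documentation-range IPs, and `summarize`, `min_hits` and `SIGNATURES` are names chosen here.

```python
import re
from collections import defaultdict

# Apache 2.2 error_log "File does not exist" entry, in the format pasted in the
# thread. The leading "[" is optional so a line pasted without it still parses.
LINE_RE = re.compile(
    r"^\[?(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[error\] \[client (?P<ip>[0-9A-Fa-f.:]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
DOCROOT = "/usr/local/apache/htdocs/"   # default docroot named in the thread
SIGNATURES = ("w00tw00t",)              # probe marker visible in the thread's log

# Constructed sample lines (documentation-range IPs), not real log data.
SAMPLE = """\
Thu Sep 02 13:57:08 2010] [error] [client 203.0.113.7] File does not exist: /usr/local/apache/htdocs/w00tw00t.at.blackhats.romanian.anti-sec:)
[Thu Sep 02 13:57:08 2010] [error] [client 203.0.113.7] File does not exist: /usr/local/apache/htdocs/scripts
[Thu Sep 02 13:57:09 2010] [error] [client 203.0.113.7] File does not exist: /usr/local/apache/htdocs/admin
[Thu Sep 02 14:02:11 2010] [error] [client 198.51.100.20] File does not exist: /usr/local/apache/htdocs/favicon.ico
[Thu Sep 02 14:03:00 2010] [notice] caught SIGTERM, shutting down
""".splitlines()


def summarize(lines, min_hits=5):
    """Group missing-file errors by client; report likely scanners only."""
    stats = defaultdict(lambda: {"hits": 0, "paths": set(), "signature": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue                      # other error_log entries are ignored
        entry = stats[m.group("ip")]
        path = m.group("path")
        if path.startswith(DOCROOT):
            path = path[len(DOCROOT):]    # show the probed name, not the docroot
        entry["hits"] += 1
        entry["paths"].add(path)
        entry["signature"] |= any(sig in path for sig in SIGNATURES)
    # Flag a client on a known probe marker or on sheer volume of 404s.
    return {
        ip: {"hits": e["hits"], "paths": sorted(e["paths"]), "signature": e["signature"]}
        for ip, e in stats.items()
        if e["signature"] or e["hits"] >= min_hits
    }


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

Run against the real error log, the per-client path list makes it easy to confirm that every request was for a name that does not exist under the default docroot.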
     
  6. raicabogdan

    Thanks for the info. I really appreciate it.
     