The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

recommended CSF block/allow settings

Discussion in 'Security' started by splaquet, Jan 30, 2013.

  1. splaquet

    splaquet Member

    Joined:
    Sep 24, 2008
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Springfield, Massachusetts, United States
    I use CSF and absolutely love what it offers. I was wondering if there a page somewhere with recommended block/allow settings per server design? I run a server with all sorts of clients on it. I find that some users end up blocking themselves because they've forgotten their passwords. i also find that sometimes clients end up blocking themselves when trying to setup their imap/pop accounts on a local client, not getting the settings just right for some reason or another. i currently have blocks set to where i think they're good, but i'd love to see a page of recommended settings for a commercial server setting. does anyone have any leads on a page like that? i can't seem to find one via search. not sure if i'm using the wrong search terms or what have you, but i just can't seem to find anything on cPanel forums or CSF forums.

    Anyone have any suggestions?
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    We have a list of ports that need to be open in order for cPanel and its services to work:

    Getting the most out of your system's firewall. | cPanel, Inc.

    Beyond that, however, it sounds like you are really asking about lfd more than csf (since lfd is what actually blocks users based on log-in failures), and while many users here do use lfd, you might have better luck asking on ConfigServer's forum.
     
  3. jakesully

    jakesully Well-Known Member

    Joined:
    Nov 9, 2011
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    make sure you add clients ip into whitelist so CSF will stop blocking the clients because they failed to login to meny times or so :) once you added them to the whitelist the CSF should no longer block the client even if client does to meny fail logins it will not block them.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Do not add clients to the whitelist. If they're getting blocked, they'll need to learn not to. There are settings in CSF to do temp bans, I personally don't use them, but you might.
     
  5. jakesully

    jakesully Well-Known Member

    Joined:
    Nov 9, 2011
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    most companys does add clients to whitelist otherwise customers leaves the company since they keep being blocked just because they did a incorrect login by mistake with a spelling thats wrong or something.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Maybe. But what if that clients computer is compromised? If you whitelist, he has full run of whatever he can get his hands on.
     
  7. jakesully

    jakesully Well-Known Member

    Joined:
    Nov 9, 2011
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    well that doesent mather if he is not whitelisted either the person who compromised the persons pc would get in anyway no mather what all he needs is username and password and he is in, so it doesen't make a big deal if persons ip is whitelisted or not.
     
  8. splaquet

    splaquet Member

    Joined:
    Sep 24, 2008
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Springfield, Massachusetts, United States
    is there an easy way to collect client's IP addresses? 'is there an app for that' ;) unless i'm missing something, the only way i can think of doing it would be to look into the logs and manually find/add. on top of that, most people don't have static IPs. they'll stay the same for a long time, but change when you lease expect it. any suggestions there?

    i have things setup (i believe) with the firewall so that a person, even with proper credentials can only do so much damage (if any). that's the route i think i'm going to take, but I'm looking for a tried and tested solution from some peers here.
     
  9. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    I don't whitelist clients. I think it is more important to educate them on proper logins.
    If they can't enter the proper credentials after a few tries, then something needs to change on the client's end.

    Often, I find, it's an alert that a user at a company is having problems but is not telling their IT person. When the IP is blocked, IT calls and asks what the problem is, and poof, we find the problem.

    The temp block with CSF is great.
     
  10. jakesully

    jakesully Well-Known Member

    Joined:
    Nov 9, 2011
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    whitelisting a client ip in CSF wont whitelist them from brute force detection or so if they do a fail login still like 5 times or w.e it is it will then lock them out anyway but reason why you should whitelist them from CSF is to make CSF not blocking their ip otherwise it will make customer think the server has gone offline or so.
     
  11. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    whitelisting all clients IP's is like keeping a door for your house, but opening it for everyone.

    and what about clients who have dynamic IPs? Should the whole block be whitelisted?

    Might as well use temp ip bans so that if you are not able to access the server it will not lock them out for a long period of time.
     
Loading...

Share This Page