
Spam IPs vs Legit Ones / Atomic Linux vs. CSF

Discussion in 'Security' started by medfordite, Apr 5, 2013.

  1. medfordite

    medfordite Member

    Here is my situation -
    Long story short, hackers got into several Joomla-based sites on my server and installed some scripts which are now being called by what I presume to be infected computers as part of a zombie botnet. I have had two abuse reports sent and have been working hard on removing the issues.

    I have installed CSF, which I have a love/hate relationship with. In the past, it has locked me out for no reason at all (or so I have figured), but right now it is being a good friend and has been dropping well over 500 IPs that I have put in there, as they are part of what I believe to be a botnet.

    Where I am running into issues is this: I am monitoring one account (my personal site, which was Joomla) and recording each and every IP that is attempting to access the now-removed file (the site is now a blank 1 page HTML), then pasting them into the CSF block. That has slowed down traffic to my site quite nicely and I am sure will be beneficial. BUT... I know that some of these IPs are legit users and are probably infected and don't even know it. I don't want to risk blocking these people, as some might be my customer's clients.

    What I want to know is: if you have used Atomic Linux to secure your server, does it allow you to block continual failed accesses (404s)? This is the only way I know to trap these people. Or is there another way to do this? I am using the Latest Visitors plugin for cPanel to get my IP info to block with.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    CSF will do this, too.

    Mod_security and CSF can be very useful. It sounds to me from your post that you're not entirely familiar with either of them.

    You should be.
     
  3. medfordite

    InfoPro -

    I appreciate your information.

    I guess it appears I don't have much experience in this area. We all have to start somewhere. :)
     
  4. Infopro

    My apologies for any misunderstandings. You have CSF installed; knowing what it does is important. From the CSF change log some time ago:

    The best place to start is with the docs:
    http://www.configserver.com/free/csf/readme.txt

    Starting somewhere is good, of course. These forums are not the mod_security, CSF, or even Linux administration support forums, though.

    So, although there is nothing at all wrong with your question:
    Reading up on how your security works is your best bet. Far better than asking someone to explain it to you. The CSF config page is commented throughout for better understanding of each setting. The problem is there are many settings, so, getting familiar with them all is, IMHO, a good tip. I'm not trying to be dismissive here at all, sorry.
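
An added example, not part of the original thread and not CSF's own code: one way to automate the manual tally described in the first post, counting repeated 404s per client IP in an Apache combined-format access log and separating IPs that only ever hit missing files from those that also load real pages. The log lines, IP addresses, path, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format: client IP, [timestamp], "request", status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')

def classify(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: verdict} for IPs with >= threshold 404s inside window.

    'block'  : the IP produced 404s and no successful request at all.
    'review' : the IP also fetched real pages, so it may be a genuine
               visitor on an infected machine; hold it for a manual look.
    """
    misses = defaultdict(list)  # ip -> timestamps of 404 responses
    ok = set()                  # ips with at least one 2xx/3xx response
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # skip malformed lines instead of failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        status = int(m["status"])
        if status == 404:
            misses[m["ip"]].append(ts)
        elif 200 <= status < 400:
            ok.add(m["ip"])
    verdicts = {}
    for ip, stamps in misses.items():
        stamps.sort()
        # Sliding window: `threshold` consecutive 404s no further apart than `window`.
        burst = any(stamps[i + threshold - 1] - stamps[i] <= window
                    for i in range(len(stamps) - threshold + 1))
        if burst:
            verdicts[ip] = "review" if ip in ok else "block"
    return verdicts

# Constructed sample log: documentation IP ranges and a made-up script path.
SAMPLE = [
    '192.0.2.10 - - [05/Apr/2013:10:00:01 +0000] "POST /removed/script.php HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [05/Apr/2013:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Apr/2013:10:00:10 +0000] "POST /removed/script.php HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.10 - - [05/Apr/2013:10:00:20 +0000] "POST /removed/script.php HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [05/Apr/2013:10:00:40 +0000] "POST /removed/script.php HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.5 - - [05/Apr/2013:10:00:50 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [05/Apr/2013:10:01:05 +0000] "POST /removed/script.php HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [05/Apr/2013:10:02:00 +0000] "POST /removed/script.php HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Only the "block" group is a candidate for the firewall deny list; the "review" group is where the customers' clients mentioned in the first post would show up.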
     