Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Truly permanent IP bans

Discussion in 'E-mail Discussions' started by glauco, May 26, 2017.

  1. glauco

    glauco Member

    Joined:
    Aug 26, 2011
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    51
    My csf.deny is currently set to contain a maximum of 1000 entries. It's my undestanding that it's not recommended to allow this list to get much larger than this, so I haven't. However, this presents a problem.
    I am regularly plagued by spam emails coming from a handful of specific IP ranges. It's easy enough to ban these ranges using the Quick Deny bok, like so:
    46.19.0.0/16
    This adds a manual entry at the end of the csf.deny file. I do this for the 5 or so offending IP ranges and for a few weeks I am blissfully spam free.
    Then eventually my manual entries get pushed to the top of csf.deny until they get removed altogether. At that point, the spam starts coming again.
    My question is: where and how can I place a completely permament ban on these IP ranges? There has to be a place were these manual entries can be stored so they are not periodically cleared by the system. If such a place doesn't exist, how do I go about creating one?
    I know in theory I could log onto WHM every couple of weeks and manually move those entries to the bottom of csf.deny - but surely there's a better way?
     
  2. glauco

    glauco Member

    Joined:
    Aug 26, 2011
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    51
    Replying to my own question here: it seems you can link a separate txt file to csf.deny with IPs to block. So added this line to the top of csf.deny, just above the list of banned IPs:

    Include /etc/csf/ipblock.txt

    I uploaded ipblock.txt file to the above location. The content of the file is simply:

    46.19.0.0/16
    104.160.0.0/16
    88.99.0.0/16
    216.218.0.0/16
    138.201.0.0/16

    Will this work? I assume the line I added to csf.deny will not be removed? And if I add more entries to my ipblock.txt, do I then need to restart csf + lfd?
     
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    885
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Theres no need to create additional lists, If you add

    # do not delete

    after the IP, they will remain in the normal block list.

    I normally follow this up with additional comments for my own records.

    eg

    xxx.xxx.xxx.0/24 # do not delete - noisy neighbours
     
    Infopro likes this.
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,773
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. glauco

    glauco Member

    Joined:
    Aug 26, 2011
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    51
    Sorry, bad edit...
     
  6. glauco

    glauco Member

    Joined:
    Aug 26, 2011
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    51
    Thanks, this is what I was looking for! I knew there had to be a way...
     
  7. glauco

    glauco Member

    Joined:
    Aug 26, 2011
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    51
    Thanks, this looks interesting but I don't really want to load up long lists with thousands of IPs, it would just end up slowing down the server. I'd rather manually block the Ips that regularly target my accounts. Keit63's solution is ideal in my case.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,773
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:

    Not necessarily. :)

    Check your firewall configuration for IPset options.

    I've highlighted the import parts of that above for you. ;)
     
Loading...

Share This Page