Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM with CSF

Discussion in 'Security' started by webcto, Nov 9, 2016.

  1. webcto

    webcto Registered

    Joined:
    Nov 9, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Luxembourg
    cPanel Access Level:
    Root Administrator
    What is the correct way of using WHM Host Control in combination with CSF?

    For example, currently Server (S) is configred to deny all IPs (except root machine) via WHM Host Control. But CSF is still reporting on sshd[<12345>]: refused connect from x.x.x.x. meaning attackers still are trying to carry out brute-force attack.

    Any ideas or best practice available for utilizing Host Control with CSF?

    Thanks in advance
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I recommend configuring SSH on a different port to reduce the number of brute force attempts. We have a guide on this at:

    How to Secure SSH - cPanel Knowledge Base - cPanel Documentation

    Regarding CSF configuration, the following document offers a list of ports you may want to block in your CSF configuration:

    How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation

    Host Access Control is useful for controlling access to services where the port must remain open (e.g. cPanel, WHM, Webmail). Thus, if you wanted to only allow access to cPanel from specific IP addresses, you could use Host Access Control for that purpose. It's documented at:

    Host Access Control - Documentation - cPanel Documentation

    Thank you.
     
    SysSachin likes this.
  3. webcto

    webcto Registered

    Joined:
    Nov 9, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Luxembourg
    cPanel Access Level:
    Root Administrator
    Thank you Michael - very useful links. I have already studied them :)

    That's is why this question came up.

    Just to re-confirm:
    CSF could be considered as the 'first layer' of protection and
    Host Access Control (HAC) as 2nd?

    For example, if host control allows ssh port (i.e. 26) exclusively for a root's IP (x.x.x.x) but CSF keeps the port (i.e. 26) open as TCP_In/Out the attacks will follow and CSF shall be tracking them down? Or will the Host Access Control refuse the attacker to use the service (because the attacked is not in the list of (HAC)? Or will both events happen?

    And the other case would be:
    If CSF blocks the 22 totally (not in TCP_IN/OUT) list and WHM HAC does allow a root's IP (x.x.x.x) to use sshd while sshd is configured to 22nd port. Will root's IP (x.x.x.x) be in position to use sshd (presumably not as CSF will block all in/out to that port).


    Thanks a lot!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator

Share This Page