Ban IP's that access too many 404 pages
I am hosting sites with inmotionhosting, and have used up 2 hours of paid support, and they cannot configure CSF to ban IP's that request over 100 404 pages.
I am getting attacked daily from thousands of IP's requesting a file called chrqd.php, here is an example
1-0 - 0/0/1 . 0.04 679 0 0.0 0.00 0.00 94.23.196.106 http/1.1 vps.inmotionhosting.com:80 GET /xcns/chrqd.php?up=%C3%9A%C2%AF%C3%98%C2%B1%C3%99%CB%86%C3%
There are 10 other lines of IP's doing 679 requests to that file against my VPS and other domains I manage. I can only think of using CSF to ban these IP's. Is there a better solution? This post was done on the CSF forum already located
I can only think of using CSF to ban these IP's.
Sure you can use CSF for this. Look for the section titled: LF_APACHE_404
Yep, that is what IMH already did, they set that to 100, but as you can see above I am still getting over 600 * (at least) 8 other IP's requesting 404 files each minute it seems.
I looked under etc/modsecurity
And don't see that directory, so I take it I don't.
Here is where you install it from: WebHost Manager » Security Center » ModSecurity™ Vendors » Manage Vendors
Looks like I have it in WHM. How do I configure the 404 banning in this? /image.ibb.co/jfasL9/mod.png Here is the vendors page preview.ibb.co/gHhBDU/mod2.png
You don't, but you should install it; mod security can help.
Alright, I followed a guide and went into the EasyApache4 settings, and looked at the modules installed, and mod_security is installed it says. A little green box next to it says installed. If you can tell me what I can do with mod_security to help with this issue, I can search into it. I appreciate your help!
In your screenshots posted above, you could see it stated Vendor not installed. Did you install it from there on that page? It's a few clicks.
Once mod security is installed properly, and you've configured it on the mod security settings page:
WebHost Manager » Security Center » ModSecurity™ Configuration » Configure Global Directives
You'll see a list of rule hits on this page as they get triggered by this sort of bad traffic:
WebHost Manager » Security Center » ModSecurity™ Tools » Hits List
You should also find the docs of some use for making your server more secure: Recommended Security Settings - cPanel Knowledge Base - cPanel Documentation
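Added example, not part of the thread and not CSF's or ModSecurity's own logic: a Python script that counts 404 responses per client IP inside a sliding time window of an Apache access log, as an independent check of which addresses exceed the limit of 100 discussed above. The combined log format, the one-hour window, the function names and the sample log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log format: client IP, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def offenders(lines, threshold=100, window_seconds=3600):
    """Return {ip: peak 404 count} for IPs with more than `threshold`
    404 responses inside any sliding window of `window_seconds`.
    Assumes each IP's lines appear in chronological order, as in a log file."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)    # ip -> timestamps of 404s still in the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "404":
            continue               # skip unparseable lines and non-404 responses
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}

def sample_log():
    """Constructed sample input: one noisy client, one ordinary client."""
    start = datetime.strptime("01/Jan/2024:00:00:00 +0000", TS_FMT)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 404 0 "-" "-"'
    out = []
    for i in range(150):           # 150 404s in 150 seconds (documentation IP)
        ts = (start + timedelta(seconds=i)).strftime(TS_FMT)
        out.append(fmt.format(ip="203.0.113.5", ts=ts, path="/xcns/chrqd.php"))
    for i in range(5):             # 5 404s, one per hour
        ts = (start + timedelta(hours=i)).strftime(TS_FMT)
        out.append(fmt.format(ip="198.51.100.7", ts=ts, path="/old.html"))
    out.append('203.0.113.9 - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"')
    return out

if __name__ == "__main__":
    for ip, count in sorted(offenders(sample_log()).items()):
        print(ip, count)
```

To run it against a real log, pass an open file object for the access log to `offenders()` in place of `sample_log()`.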