How to Find the IP Blocked by the Firewall in WHM?

ccw

• April 20, 2019 05:55

Hi, If an IP is blocked by the firewall on the server. How can I know the specific IP address being blocked in the web-based WHM system? Thanks

• 

  GOT

  • April 20, 2019 14:01

  In plugins, go to ConfigServer Firewall, and click the button for Firewall Deny IPs

  0
• 

  ccw

  • April 20, 2019 23:18

  Hi, I go to "Plugins", but there is only "Add IP to Firewall", no "ConfigServer Firewall"

  0
• 

  GOT

  • April 21, 2019 03:33

  No indication what firewall it is? In shell you can run iptables --list --numeric |grep DROP And that should give you a list of blocked ips regardless of which control software is running.

  0
• 

  RoseHosting

  • April 21, 2019 04:56

  You can run this command: iptables -nvL | grep 1.2.3.4 Replace 1.2.3.4 with the actual IP address you want to find.

  0
• 

  cPanelLauren

  • April 22, 2019 20:53

  If you're not running a 3rd party firewall like CSF both of the above suggestions will be useful. Please let us know if you need any further help! Thanks!

  0
• 

  DallasClarke

  • November 12, 2020 09:00

  Hi CpanelLauren, I have been using CSF for a while now, and I only see 219 IP's blocked. I am disappointed that CSF is not permanently blocking them. Firewall Deny IPs, only shows today's blocked IPs. Where are the rest of the blocked IPs gone?

  0
• 

  DallasClarke

  • November 12, 2020 09:09

  OK I had to go to /etc/csf/csf.conf file and change settings there. Wont hold any changed settings in cpanel. Set to 0 to disable limiting DENY_TEMP_IP_LIMIT = 0 DENY_IP_LIMIT = 0

  0
• 

  DallasClarke

  • November 12, 2020 09:22

  A website like mine has 100's of cyber attacks daily. Wish CSF was able to handle more IP's instead of reaching a limit then just deleting older IP's in the system. I would not keep getting attcked if CSF did its job permanently blocking IP's without a limit. I have changed it to no limit, but I still do not trust CSF to hold up to it, in practice.

  0
• 

  DallasClarke

  • November 12, 2020 09:37

  Looks like CSF settings have disappeared in cpanel after I edited and replaced csf.config IP LIMITS settings have not changed either.

  0
• 

  DallasClarke

  • November 12, 2020 09:40

  What a piece of rubbish CSF is. Luckily it has a fix problems button, so I had to reinstall it again. Wish there is a better alternative than pathetic ConfigServer Firewall.

  0
• 

  cPRex Jurassic Moderator

  • November 12, 2020 12:22

  @DallasClarke - sorry to hear about those issues! When a thread is more than a year old it's likely best to make your own to make sure it gets seen by the most people. If you are frequently seeing a large number of IPs being blocked, it might be better to block with country codes rather than expand the deny list. I also recommend reaching out to CSF directly through their support team or their forums at ConfigServer Community Forum - Index page to get more specific details on that and interact with their developers.

  0
• 

  dbltoe

  • December 21, 2020 21:42

  @DallasClarke - You did fine with the DENY_IP_LIMIT to zero. However, setting DENY_TEMP_IP_LIMIT to zero turns off the whole process. That's why it wasn't working for you.

  Looks like CSF settings have disappeared in cpanel after I edited and replaced csf.config IP LIMITS settings have not changed either.

  
  "Enable login failure detection daemon (lfd). If set to 0 none of the following settings will have any effect as the daemon won't start. "

  0

Please sign in to leave a comment.