Skip to main content

cpHulk Blacklisting all countries

Comments

5 comments

  • keat63
    I have a setting in CSF that will only allow log in to email from a selected few countries. in CC_ALLOW_PORTS I have the country codes for the countries that I allow then CC_ALLOW_PORTS_TCP = 110,143,465,587,993,995,2082,2083,220,465,995,587, All listed ports should be removed from TCP_IN/UDP_IN to block access from elsewhere. This option uses the same format as TCP_IN/UDP_IN An example would be to list port 21 here and remove it from TCP_IN/UDP_IN then only countries listed in CC_ALLOW_PORTS can access FTP
    0
  • sahostking
    I decided to rather not block anything but rather improve sensitivity of hits on firewall. Seems to be working using distributed attack protection.
    0
  • keat63
    My server is dedicated to our business, I don't host any guest or customer accounts, just our own users. All my email users are based in one office using MS Outook, and a few have email configured on their mobile devices. No one needs to ever manually input their passwords, so my users don't even know their own passwords. I also have a CSF rule that says, 1 failed password authentication and the IP is locked out. So not only can you not gain access from other than 3 countries, fail once and you're locked out Very strict, maybe over kill but seems to work well.
    0
  • cPanelLauren
    Having a firewall or multiple installed does not mean you will adequately defend against distributed attacks. If you're undergoing attacks such as this, the solution is to implement protection specifically for this, which based on your last response it seems that you did. What did you enable so that it might help others?
    0
  • sahostking
    Used CSF and adjusted the following values: LF_DISTATTACK = LF_DISTATTACK_UNIQ = LF_DISTFTP = LF_DISTFTP_UNIQ = LF_DISTSMTP = LF_DISTSMTP_UNIQ = works quite nicely.
    0

Please sign in to leave a comment.