How to stop cPanel cron that add iptables rules?

Simsim

• October 03, 2014 08:38

Hello all (you can directly jump to the problem section below) My server is being attacked everyday since long time. After I did comprehensive research I found the problem. They are making DOS attack from time to time. unhappy user, spams I don't know .. I tried to attack my server by myself.. It was really surprising that how easy to break the server. Simple DOS attack tool can cause Apache/PHP busy to serve DOS requests until the server become unresponsive. This is usual case right ? all famous websites have this problem .. and its solution is simple.. It is the firewall (iptables in my case) to stop DOS attack. I create my custom iptables rules by myself. after comprehensive studying to iptables capabilities and testing on my test server while allowing all the port that is needed by cPanel which is listed in this page: [url=http://cpanel.net/getting_the_most_out_of_your_systems_firewall/]Getting the most out of your system's firewall. | cPanel, Inc. I made very strong rules .. which I am happy to apply. efficient, strong and exactly what my website need. I don't need the service of CSF or whatever which is created for general purposes. The problem: ****************************************** I want to disable the iptables rules that are injected by cPanel every while . cPanel insert these rules via cronjob. I am sure about that because every time I --flush iptables rules (and put my rules), cPanel insert its rules after a while. The chain name that is added by cPanel is "acctboth" which cause all my custom protection to cease function. I will NOT use ConfigServer. I am very happy with my own rules which I created after long days of studying/thinking/testing. Thanks.

• 

  cPanelMichael

  • October 03, 2014 14:27

  Hello :) Could you elaborate further on why you prefer to avoid a firewall management application such as CSF? It's really helpful in ensuring that custom rules are saved and preserved. Also, when making custom iptables rules, are you saving them via the "/etc/init.d/iptables save" command? Thank you.

  0
• 

  Simsim

  • October 03, 2014 15:09

  Thanks for quick response

  ]Hello :) Could you elaborate further on why you prefer to avoid a firewall management application such as CSF? It's really helpful in ensuring that custom rules are saved and preserved.

  
  I know CSF is great, reliable, integrated with cPanel. Any way CSF is created for general purposes, while I have custom requirements, Yes I know I can reconfigure CSF by editing the conf file so I (maybe) can enforce own iptables rules. but this is really complex I think. Example, In my requirements, I heavily depend on iptables recent module, while I can instruct CSF to utilize the recent capability, But I am restricted in what can I add I created my rules that enable me to distinguish attacks, ban IPs dynamically that behave strangely or maliciously, white-list myself by using port knocking, create very sophisticated rules while maintain acceptable level of performance since recent module is CPU intensive. I have to study CSF very well so I can change its behavior as I want exactly. But in that case It is better that I just do NOT use it.

  ] Also, when making custom iptables rules, are you saving them via the "/etc/init.d/iptables save" command?

  
  Actually I have script (sh file) that when I run it do the following: 1- delete all the existing rules and allowing everyone 2- Apply my own iptables rules and chains on fly I don't need to "save" since I can make this script run at the startup so all my iptables rules are enforced. And unless iptables is restarting, no one will look at the iptables original conf file. This working great. The only problem is that something is insert a chain called "accboth" every few minutes and this of course happen through the crontab that execute a script just like mine (this is my conclusion) which insert this chain at the beginning. The added chain, accboth, do nothing actually, It is just allowing everything to come and go without any restriction. that's why it need to be disabled if anyone want to enforce his own iptables rules. Thanks

  0
• 

  cPanelMichael

  • October 03, 2014 16:14

  You can disable the "bandmin" cron jobs using the "crontab -e" command, as it's those cron jobs that add the iptables rules you are referring to. Bandmin is not required, and is provided as an additional application to track traffic from IRC servers, game servers, or other types of servers. Thank you.

  0
• 

  Simsim

  • October 03, 2014 17:58

  Thank you very much

  0

Please sign in to leave a comment.