Protections in addition to CP Hulk
Hello! I've searched on the forum and not found much about this - apologies if it has been discussed elsewhere. I hope to someday soon be a contributor rather than just a "requester," but as someone just starting out, that might take a little while.
Two questions...
We are getting a fair amount of attempted hacks and I'd like to make sure we're protected as well as we can be. There are only 3 people who need access to our server with the exception of occasional freelancers. We've enabled CP Hulk and are manually blacklisting every IP with more than 10 denied attempts per day.
We have whitelisted the 6-10 IP's that that need access to the innards of our server.
1) Is there a firewall we should be using besides CP Hulk? I was hoping to have CP Hulk permanently ban the IP of all attempted hackers via the option to automagically blacklist them, but can't - because - The system disabled firewall options. These options require IPTables v1.4 or higher and a non-Virtuozzo environment.
2) What exactly does blacklisting prevent? I.e. If I blacklist entire regions of the world, will people in those regions that aren't hackers still be able to email us and visit our website - or are they blocked from every sort of communication?
Thank you for your advice and help!
-
1) A firewall such as csf would be helpful, but it looks like you are not set up to run iptables. 2) blacklisted IP addresses are completely blocked. That they are 'attempted' hacks means you are catching some of them. I would start by disabling WHM for users, unless you have resellers. You can do this by only allowing your IPs to access whostmgrd under Host Access Control. 0 -
Thank you George! 0 -
Hello, Yes, as mentioned, the "Host Access Control" option is a good idea if you have a specific set of IP addresses that you want to allow access to. The option allows you to allow those IP addresses and block all others for specific services. Thank you. 0 -
OK, set Host Access Control to just allow 4 IP addresses. So now at least we're not seeing anyone trying to get in with root access. Small success - thanks! Please bear with me on two+ follow up questions... we're still seeing about 25+ attempts per day - but now they are all on pure-ftpd, exim, cpaneld and pop3. Any suggestions besides CP Hulk? Would it make sense to whitelist our 4 ip addresses and then deny access to cpanel, ftp etc. for all other IP's in the host manager? Is there anything in there that would cause problems if I "deny" access to everything but these IP's? I assume if we denied all IP's, I'd have to whitelist our emailer provider's (Gmail) IP? Last, it seems we have courier, so CPHulk may not work vs. on Dovecot? Short of switching servers (which I'm becoming inclined to do), do you have any other suggestions? Thanks again for all your advice. 0 -
Hello, 1. I suggest enabling it for FTP, cPanel, POP3, IMAP, but not for Exim (it's not even an option). Note that to control access to the ftpd daemon, you must use the ProFTPD FTP server. Pure-FTP does not support TCP wrappers. 2. To control access to the POP3 or IMAP services, you may use either the Courier or Dovecot mail servers. However, I suggest using Dovecot, as it's what's installed by default and it's recommended for use with cPanel over Courier. Thank you. 0 -
Done! Last question (at least for now)... do I need to whitelist gmail and hotmail servers to have POP access via gmail and hotmail? Am wondering if I set POP3 to "deny all" whether it will deny access from those IP's. Thanks again!!! 0 -
Done! Last question (at least for now)... do I need to whitelist gmail and hotmail servers to have POP access via gmail and hotmail? Am wondering if I set POP3 to "deny all" whether it will deny access from those IP's. Thanks again!!!
Yes, you should whitelist any IP address that you want to access POP3 or IMAP. Note that if you plan to use Google or Hotmail to access your server with POP3 or IMAP, then you will need to whitelist a broad range of IP addresses that they use to connect with. Thank you.0
Please sign in to leave a comment.
Comments
7 comments