Blacklist IPs

PatrickVeenstra

• June 01, 2015 16:22

I have a .conf file with IPs that are not allowed to access the server. Am I assuming correctly that I should include the file in the "pre main include" section of the Include Editor? Thanks in advance for helping.

• 

  cPanelMichael

  • June 02, 2015 14:43

  I have a .conf file with IPs that are not allowed to access the server.

  
  Hello, Are you attempting to block IP addresses from accessing Apache? Have you considering using a firewall management tool such as CSF instead? Thank you.

  0
• 

  PatrickVeenstra

  • June 02, 2015 23:08

  Hi Michael, Yes I am. I'm automatically downloading an IP list and create a .conf file to exclude all those IPs. Can I update the IP list from the commandline (i.e. using a cron job) if I use CSF?

  0
• 

  weetabix

  • June 03, 2015 01:31

  With CSF you have a blacklist option that can download lists of IPs periodically. If used with ipset on the server you can have huge blacklists without any significant slowdown of the requests. The blocks are made on IP level, which means they will have no access to any service on the server whatsoever. Blocking around 30k IPs alltogether on each of my servers and it's working great.

  0
• 

  LostNerd

  • June 03, 2015 09:21

  Hi there! You could create a script to update:
  /etc/csf/csf.deny
  Just make sure you restart csf and lfd after any changes.

  0
• 

  PatrickVeenstra

  • June 03, 2015 12:07

  Thanks weetabix, but can you please point me to the auto update function? edit: thank you LordNerd

  0
• 

  LostNerd

  • June 03, 2015 12:32

  No worries. If you do try to get my suggestion working, do let me know how it goes!

  0
• 

  weetabix

  • June 03, 2015 18:27

  Thanks weetabix, but can you please point me to the auto update function? edit: thank you LordNerd

  
  I meant blocklist, they are configurable i csf.blocklist and in the cpanel plugin you have a button for editing it.

  0
• 

  Mangoose

  • June 30, 2015 10:07

  Recently I enabled the cP Hulk Brute Force Protection and now I receive on an hourly bases a list of IP's from which an malicious hack attempt was made. Related to Patrick's question these are mine: 1. can't you use a script that blacklists those IP's within the cP Hulk Brute Force protection and force them in the blacklist and if such a script / command line is present, what is it it ? 2. if I where to implement what you all suggested to Patrick how can I check if those IP are actually blacklisted and is there a way I can whitelist an IP that mistakenly ends up being there ? Thanks in advance for any reply.

  0
• 

  cPanelMichael

  • July 20, 2015 14:50

  Hello :) 1. You should not have to block an IP address in cPhulk if the IP address is already blocked by your firewall. Those IP addresses would not be able to attempt authentication without access to connect to the server. 2. Could you be more specific? Are you referring to the suggestion to install CSF? Thank you.

  0

Please sign in to leave a comment.