How can I permanently block IP?
I know this functionality exists in CSF but when server gets hit with distributed email attack it could be hundreds of IPs every minute, CSF blocks them but doesn't take long to hit the limit which would unblock them again.
Increasing the limit won't do much because there is just too many IPs, any limit will be hit rather quickly.
Is there a way I can permanently block these IPs?
-
The chances are that these are zombies, which like a virus will propogate, so blocking them permanently would be a wasted effort. Besides If there are too many IP's then how would you know which ones to permanently block. Personally, I'd increase the block count in CSF until they go away. or if you can see a country pattern, use a Country Code block for a day or two. 0 -
Your answer is in the documentation of csf.deny: # Note: If you add the text "do not delete" to the comments of an entry then # DENY_IP_LIMIT will ignore those entries and not remove them Simply append 'do not delete' somewhere on the deny line, i.e. 123.123.123.123 # do not delete0 -
Your answer is in the documentation of csf.deny: # Note: If you add the text "do not delete" to the comments of an entry then # DENY_IP_LIMIT will ignore those entries and not remove them Simply append 'do not delete' somewhere on the deny line, i.e.
123.123.123.123 # do not delete
Are you not actually doing that 'do not delete' by adding an IP to the blacklist in the cPHulk Brute Force Protection0 -
Are you not actually doing that 'do not delete' by adding an IP to the blacklist in the cPHulk Brute Force Protection
Hello :) cPHulk and CSF are two separate entities. Not everyone that uses CSF enables cPHulk, but yes it's true you can add an IP address to the black list in cPHulk if you want to block it in cPHulk permanently.. Thank you.0
Please sign in to leave a comment.
Comments
4 comments