WHM with CSF
What is the correct way of using WHM Host Control in combination with CSF?
For example, currently Server (S) is configred to deny all IPs (except root machine) via WHM Host Control. But CSF is still reporting on sshd[<12345>]: refused connect from x.x.x.x. meaning attackers still are trying to carry out brute-force attack.
Any ideas or best practice available for utilizing Host Control with CSF?
Thanks in advance
-
Hello, I recommend configuring SSH on a different port to reduce the number of brute force attempts. We have a guide on this at: How to Secure SSH - cPanel Knowledge Base - cPanel Documentation Regarding CSF configuration, the following document offers a list of ports you may want to block in your CSF configuration: How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation Host Access Control is useful for controlling access to services where the port must remain open (e.g. cPanel, WHM, Webmail). Thus, if you wanted to only allow access to cPanel from specific IP addresses, you could use Host Access Control for that purpose. It's documented at: Host Access Control - Documentation - cPanel Documentation Thank you. 0 -
Thank you Michael - very useful links. I have already studied them :-) That's is why this question came up. Just to re-confirm: CSF could be considered as the 'first layer' of protection and Host Access Control (HAC) as 2nd? For example, if host control allows ssh port (i.e. 26) exclusively for a root's IP (x.x.x.x) but CSF keeps the port (i.e. 26) open as TCP_In/Out the attacks will follow and CSF shall be tracking them down? Or will the Host Access Control refuse the attacker to use the service (because the attacked is not in the list of (HAC)? Or will both events happen? And the other case would be: If CSF blocks the 22 totally (not in TCP_IN/OUT) list and WHM HAC does allow a root's IP (x.x.x.x) to use sshd while sshd is configured to 22nd port. Will root's IP (x.x.x.x) be in position to use sshd (presumably not as CSF will block all in/out to that port). Thanks a lot! 0 -
Hello, I wouldn't necessarily say CSF is a first layer of protection and Host Access Control is a second layer of protection. Each can somewhat do the same thing, but in different ways. The following third-party URL offers a good explanation of the differences: What is the difference between securing a linux box using hosts.[allow|deny] vs iptables? Thanks! 0
Please sign in to leave a comment.
Comments
3 comments