Difference between revisions of "Main Page"
From Wiki.onotech.org
(→CSF) |
(→cPHulk) |
||
Line 64: | Line 64: | ||
Main >> Security Center >> cPHulk Brute Force Protection | Main >> Security Center >> cPHulk Brute Force Protection | ||
− | command line | + | ===command line=== |
Is it running? | Is it running? | ||
/usr/local/cpanel/scripts/restartsrv_cphulkd --status | /usr/local/cpanel/scripts/restartsrv_cphulkd --status | ||
− | + | stop and disable it | |
− | /usr/local/cpanel/ | + | /usr/local/cpanel/etc/init/stopcphulkd |
− | + | /usr/local/cpanel/bin/cphulk_pam_ctl --disable | |
− | |||
− | |||
− | /usr/local/cpanel/ | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 18:35, 1 October 2017
MediaWiki has been installed.
Consult the User's Guide for information on using the wiki software.
Wiki
Firewalls/Blocked IPs
APF
Blacklist
vim /etc/apf/deny_hosts.rules
Whitelist
vim /etc/apf/allow_hosts.rules
Config file
vim /etc/apf/conf.apf
Restart
/etc/init.d/apf restart
Flush IP Tables
iptables -F
CSF
Use CSF to grep the current rules for an IP
csf -g ip.add.re.ss
CSF uses maxmind geoip free databass to add Geo info to the logs. You can also manually query what CSf has stored locally, from command line:
csf -i ip.add.re.ss
Blacklist
vim /etc/csf/csf.deny
Whitelist
vim /etc/csf/csf.allow
Restart (both CSF and LFD)
csf -ra
Configuration
vim /etc/csf/csf.conf
login failure log
/var/log/lfd.log
Fun output, IP address and the LFD trigger that got it blocked:
grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D'
looks like
118.98.66.56 ==blocked for==> [LF_SMTPAUTH] 92.38.233.191 ==blocked for==> [LF_SSHD] 104.167.104.147 ==blocked for==> [LF_SSHD] 73.179.232.255 ==blocked for==> [LF_CPANEL] 118.163.76.38 ==blocked for==> [LF_SMTPAUTH]
cPHulk
Brute Force Protection deny/allow list edited through WHM
Main >> Security Center >> cPHulk Brute Force Protection
command line
Is it running?
/usr/local/cpanel/scripts/restartsrv_cphulkd --status
stop and disable it
/usr/local/cpanel/etc/init/stopcphulkd /usr/local/cpanel/bin/cphulk_pam_ctl --disable