Difference between revisions of "Main Page"
(→CSF) |
(→CSF) |
||
Line 59: | Line 59: | ||
− | + | ==cPHulk== | |
− | |||
− | cPHulk | ||
Brute Force Protection deny/allow list edited through WHM | Brute Force Protection deny/allow list edited through WHM | ||
− | + | Main >> Security Center >> cPHulk Brute Force Protection | |
− | Main >> Security Center >> cPHulk Brute Force Protection | ||
− | |||
command line | command line | ||
Is it running? | Is it running? | ||
− | /usr/local/cpanel/scripts/restartsrv_cphulkd --status | + | /usr/local/cpanel/scripts/restartsrv_cphulkd --status |
− | |||
blacklist an IP | blacklist an IP |
Revision as of 18:27, 1 October 2017
MediaWiki has been installed.
Consult the User's Guide for information on using the wiki software.
Wiki
Firewalls/Blocked IPs
APF
Blacklist
vim /etc/apf/deny_hosts.rules
Whitelist
vim /etc/apf/allow_hosts.rules
Config file
vim /etc/apf/conf.apf
Restart
/etc/init.d/apf restart
Flush IP Tables
iptables -F
CSF
Use CSF to grep the current rules for an IP
csf -g ip.add.re.ss
CSF uses maxmind geoip free databass to add Geo info to the logs. You can also manually query what CSf has stored locally, from command line:
csf -i ip.add.re.ss
Blacklist
vim /etc/csf/csf.deny
Whitelist
vim /etc/csf/csf.allow
Restart (both CSF and LFD)
csf -ra
Configuration
vim /etc/csf/csf.conf
login failure log
/var/log/lfd.log
Fun output, IP address and the LFD trigger that got it blocked:
grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D'
looks like
118.98.66.56 ==blocked for==> [LF_SMTPAUTH] 92.38.233.191 ==blocked for==> [LF_SSHD] 104.167.104.147 ==blocked for==> [LF_SSHD] 73.179.232.255 ==blocked for==> [LF_CPANEL] 118.163.76.38 ==blocked for==> [LF_SMTPAUTH]
cPHulk
Brute Force Protection deny/allow list edited through WHM
Main >> Security Center >> cPHulk Brute Force Protection
command line Is it running?
/usr/local/cpanel/scripts/restartsrv_cphulkd --status
blacklist an IP /usr/local/cpanel/scripts/cphulkdblacklist <IP>
whitelist an IP
/usr/local/cpanel/scripts/cphulkdwhitelist <IP>
List the blacklist:
mysql -e "use cphulkd; select IP from brutes;" |egrep ^[0-9] |sort
List the whitelist
mysql -e "use cphulkd; select IP from whitelist;" |egrep ^[0-9] |sort