Difference between revisions of "Main Page"
(→Firewalls/Blocked IPs) |
(→CSF) |
||
Line 57: | Line 57: | ||
73.179.232.255 ==blocked for==> [LF_CPANEL] | 73.179.232.255 ==blocked for==> [LF_CPANEL] | ||
118.163.76.38 ==blocked for==> [LF_SMTPAUTH] | 118.163.76.38 ==blocked for==> [LF_SMTPAUTH] | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | cPHulk | ||
+ | Brute Force Protection deny/allow list edited through WHM | ||
+ | |||
+ | |||
+ | Main >> Security Center >> cPHulk Brute Force Protection | ||
+ | |||
+ | |||
+ | command line | ||
+ | Is it running? | ||
+ | /usr/local/cpanel/scripts/restartsrv_cphulkd --status | ||
+ | |||
+ | |||
+ | blacklist an IP | ||
+ | /usr/local/cpanel/scripts/cphulkdblacklist <IP> | ||
+ | |||
+ | |||
+ | whitelist an IP | ||
+ | /usr/local/cpanel/scripts/cphulkdwhitelist <IP> | ||
+ | |||
+ | |||
+ | List the blacklist: | ||
+ | mysql -e "use cphulkd; select IP from brutes;" |egrep ^[0-9] |sort | ||
+ | |||
+ | |||
+ | List the whitelist | ||
+ | mysql -e "use cphulkd; select IP from whitelist;" |egrep ^[0-9] |sort |
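Review bot: In the two added mysql lines the egrep pattern ^[0-9] is unquoted, so the shell may expand it as a glob before egrep sees it, and the filter silently drops any list entry that does not begin with a digit. Quote it as egrep '^[0-9]', or drop the filter and use mysql -N to suppress the column header. The added section also shows how to blacklist and whitelist an IP but not how to remove an entry again, which is worth documenting next to these commands.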
Revision as of 18:25, 1 October 2017
MediaWiki has been installed.
Consult the User's Guide for information on using the wiki software.
Wiki
Firewalls/Blocked IPs
APF
Blacklist
vim /etc/apf/deny_hosts.rules
Whitelist
vim /etc/apf/allow_hosts.rules
Config file
vim /etc/apf/conf.apf
Restart
/etc/init.d/apf restart
Flush iptables (removes every rule in the filter table)
iptables -F
CSF
Use CSF to grep the current rules for an IP
csf -g ip.add.re.ss
CSF uses the free MaxMind GeoIP database to add geo info to the logs. You can also manually query what CSF has stored locally from the command line:
csf -i ip.add.re.ss
Blacklist
vim /etc/csf/csf.deny
Whitelist
vim /etc/csf/csf.allow
Restart (both CSF and LFD)
csf -ra
Configuration
vim /etc/csf/csf.conf
Login failure log
/var/log/lfd.log
Fun output, IP address and the LFD trigger that got it blocked:
grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D'
Output looks like:
118.98.66.56 ==blocked for==> [LF_SMTPAUTH]
92.38.233.191 ==blocked for==> [LF_SSHD]
104.167.104.147 ==blocked for==> [LF_SSHD]
73.179.232.255 ==blocked for==> [LF_CPANEL]
118.163.76.38 ==blocked for==> [LF_SMTPAUTH]
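The same lfd.log extraction, extended to count blocks per LFD trigger. This is an added example, not part of the original wiki page. The function names, the sample log lines (constructed, using documentation-range addresses) and the assumed line layout (an IPv4 address as its own field, a trailing [LF_*] tag) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): per-trigger summary of LFD blocks.
# Assumption: a block event contains the literal text "*Blocked in csf*",
# an IPv4 address as its own field, and an [LF_*] trigger tag.

# Constructed sample log lines (documentation-range IPs, not real data).
sample_log() {
cat <<'EOF'
Oct  1 18:01:12 host lfd[2101]: (sshd) Failed SSH login from 192.0.2.10 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Oct  1 18:03:40 host lfd[2144]: (smtpauth) Failed SMTP AUTH login from 198.51.100.7 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SMTPAUTH]
Oct  1 18:05:02 host lfd[2170]: (sshd) Failed SSH login from 203.0.113.99 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Oct  1 18:06:00 host lfd[2171]: csf.deny: temporary entries expired
Oct  1 18:09:31 host lfd[2188]: (cpanel) Failed cPanel login from 198.51.100.23 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_CPANEL]
EOF
}

# Print "IP<TAB>[TRIGGER]" for every block event in log file $1.
# grep -F treats the asterisks as literal characters, not regex operators.
lfd_blocks() {
    grep -F '*Blocked in csf*' "$1" | awk '{
        ip = ""; trig = ""
        for (i = 1; i <= NF; i++) {
            # first field that is a bare dotted-quad address
            if (ip == "" && $i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = $i
            # trigger tag such as [LF_SSHD]
            if ($i ~ /^\[LF_[A-Z0-9_]+\]$/) trig = $i
        }
        # skip lines where either part is missing instead of printing half a row
        if (ip != "" && trig != "") print ip "\t" trig
    }'
}

# Print "[TRIGGER]<TAB>count", busiest trigger first, ties in name order.
lfd_trigger_counts() {
    lfd_blocks "$1" | cut -f2 | sort | uniq -c | sort -k1,1nr -k2 |
        awk '{ print $2 "\t" $1 }'
}

# Demo run against the constructed sample.
log=$(mktemp)
sample_log > "$log"
lfd_trigger_counts "$log"
rm -f "$log"
```

On a real server, pass /var/log/lfd.log as the argument to either function.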
cPHulk
Brute Force Protection deny/allow list edited through WHM
Main >> Security Center >> cPHulk Brute Force Protection
command line
Is it running?
/usr/local/cpanel/scripts/restartsrv_cphulkd --status
blacklist an IP
/usr/local/cpanel/scripts/cphulkdblacklist <IP>
whitelist an IP
/usr/local/cpanel/scripts/cphulkdwhitelist <IP>
List the blacklist:
mysql -e "use cphulkd; select IP from brutes;" | egrep '^[0-9]' | sort
List the whitelist:
mysql -e "use cphulkd; select IP from whitelist;" | egrep '^[0-9]' | sort