Search found 5 matches

by DanH42
28 Dec 2014, 18:59
Forum: General Discussion (csf)
Topic: Detect real IP when behind a proxy such as CloudFlare
Replies: 1
Views: 2963

Detect real IP when behind a proxy such as CloudFlare

I'm running a cPanel server that sits behind CloudFlare. I've been using csf for a while on another cPanel server and found it incredibly useful, but it's next to useless when all traffic is coming from a small range of already-known IPs. A script like Flarewall is a good start, but still requires c...

by DanH42
12 Jun 2014, 22:43
Forum: General Discussion (csf)
Topic: Block port on certain IP
Replies: 1
Views: 2055

Re: Block port on certain IP

Solution from cPanel forums:
in /etc/csf/csf.deny:

Code:

tcp|in|d=2087|d=123.123.123.2

This would deny port 2087 on 123.123.123.2 but not other IPs allocated to the server. Create more rules to block other ports on other specific IP addresses.

by DanH42
10 Jun 2014, 20:22
Forum: General Discussion (csf)
Topic: Change permanent block to temporary
Replies: 1
Views: 2739

Re: Change permanent block to temporary

Update: I asked the same question on the cPanel forums, and found out there's a setting for this in CSF:

Code:

LF_MODSEC = "10"
LF_MODSEC_PERM = "300"

This would block for 5 minutes (300 seconds) after modsec rules being triggered.

by DanH42
10 Jun 2014, 16:55
Forum: General Discussion (csf)
Topic: Change permanent block to temporary
Replies: 1
Views: 2739

Change permanent block to temporary

I'm using a subset of the OWASP ruleset, and I'm still getting lots of false positives. Almost every time that happens, the IP responsible gets a permanent block in iptables, which I think is a little strict even if they were trying to attack the server. I've tried Googling around a bit, and I can't...

by DanH42
03 Jun 2014, 20:48
Forum: General Discussion (csf)
Topic: Block port on certain IP
Replies: 1
Views: 2055

Block port on certain IP

I've got a server with multiple public-facing IPs, and I'd like certain services to only be bound on certain IPs. Services like SSH and FTP can simply be configured to only bind to a single interface, but I've got a couple stubborn ones that insist on binding to them all. What I'm basically looking ...