Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicSecurity
Properties
Category Security
Tags Countries, CC_DENY, DNS

Block countries from accessing all services but not their DNS queries

Hays Sleiman shared this idea 13 months ago
Needs Review

I have been getting a lot of attacks targeting my cPanel servers from other countries. They specifically target SSH access amongst other services.

Initially, it was easiest to just use CSF and the CC_DENY option. However, the issue with this is that it also blocks dns queries from those countries, so as a result you have issues where legitimate emails routed through those countries don't get delivered because they can't look up DNS on our servers. Google routes their emails and DNS queries through many counties - a lot fo which are known to attack our servers constantly.

I have come accross this issue many times and it is outlined in the following support thread:

https://forums.cpanel.net/threads/csf-blocking-google-dns-dig-command.636873/


Essentially, I had to remove countries from CC_DENY to allow emails to come through, but then the attacks from those countries started again.

So simply put, the request is to be able to block other countries from accessing any services or ports EXCEPT DNS lookups (or port 53).

Apologies if there is an easier way to do this. And yes, my services are secured in other ways (Different ports and rules etc), and I haven't had any major issues so far, but it would give a lot more peace of mind knowing the firewall is blocking those IPs from trying to access any other services from the get go.

Cheers.

1 I like this idea 0  
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.