STOP Attacker before attack happen
Open Discussion
As a server administrator I would like cPanel to integrate with third-party monitoring services to allow me to filter traffic in my sever's firewall according to IP addresses managed by third parties, allowing me to more easily block traffic from known-malicious IPs that have no reason to log into my server.
For example, I would input the URL of a third party monitoring service, and cPanel would regularly ensure that the IP addresses in that third party list were blocked in my firewall.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Isn't this already possible with mod security ?
You might also want to check out CloudLinux's Imunify 360 that does this as part of their product.
Isn't this already possible with mod security ?
You might also want to check out CloudLinux's Imunify 360 that does this as part of their product.
Hello.
As we know it isn't.
We like use share database of low reputation IP addresses which do not have access to the server like SPAM blacklist.
Example:
Abuser attack server A. Server A report abuser IP address to share database.
All other services who use share databases prevent any interaction with abuser IP address.
IP address on this list cannot connect to the server.
Hello.
As we know it isn't.
We like use share database of low reputation IP addresses which do not have access to the server like SPAM blacklist.
Example:
Abuser attack server A. Server A report abuser IP address to share database.
All other services who use share databases prevent any interaction with abuser IP address.
IP address on this list cannot connect to the server.
Hi Stas,
It turns out malicious servers scan our networks by IP range and when security system bock, it go to the next IP.
It is for this reason that our Security Operations Center has put a security information management system (SIM) in order to view and manage thoses attacks and block them preventively on our other servers.
The BlockingList is very easy to use, go to WHM >> ConfigServer Security & Firewall >> lfd Blocklist and add this code at the end of file:
Enjoy tranquility !
If you wish to participate in the blocklist with honeypots, please contact me via the contact page.
Hi Stas,
It turns out malicious servers scan our networks by IP range and when security system bock, it go to the next IP.
It is for this reason that our Security Operations Center has put a security information management system (SIM) in order to view and manage thoses attacks and block them preventively on our other servers.
The BlockingList is very easy to use, go to WHM >> ConfigServer Security & Firewall >> lfd Blocklist and add this code at the end of file:
Enjoy tranquility !
If you wish to participate in the blocklist with honeypots, please contact me via the contact page.
Good news!
https://greensnow.co/
Good news!
https://greensnow.co/
modsec is for amateurs...
Look at CSF blocklists..... also : https://greensnow.co/, which uses csf iptables
This will help you for most virulent ones, but you can't fight the whole world, since 10% IPs are bad :). Don't overcharge csf iptables, this can lead to a freeze of CSF, then server crash
We use nginx, and map custom settings to block big list when we want, just an exmaple, custom security is not on catalogue, and is large... We block countries like RU, CN, UA (because most come from here), and client can allow them if he wants thanks to an advanced nginx plugin system too....
modsec is for amateurs...
Look at CSF blocklists..... also : https://greensnow.co/, which uses csf iptables
This will help you for most virulent ones, but you can't fight the whole world, since 10% IPs are bad :). Don't overcharge csf iptables, this can lead to a freeze of CSF, then server crash
We use nginx, and map custom settings to block big list when we want, just an exmaple, custom security is not on catalogue, and is large... We block countries like RU, CN, UA (because most come from here), and client can allow them if he wants thanks to an advanced nginx plugin system too....
Thank you!
We found this "csf.blacklist". And it could be that what we are searching for.
How it works map custom settings for big list?
Thank you!
We found this "csf.blacklist". And it could be that what we are searching for.
How it works map custom settings for big list?
You can also add myip.ms list. I added this to my servers a few months ago and it made a word of differnece.
MYIPMSBLACKLIST|3600|0|https://myip.ms/files/blacklist/csf/latest_blacklist.txt
MYIPMSUSERS|3600|0|https://myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt
You can also add myip.ms list. I added this to my servers a few months ago and it made a word of differnece.
MYIPMSBLACKLIST|3600|0|https://myip.ms/files/blacklist/csf/latest_blacklist.txt
MYIPMSUSERS|3600|0|https://myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt
Replies have been locked on this page!