Knowledgebase

How to Whitelist IP But Prevent Brute Force Attempts.

Posted by famehosting, 09-10-2011, 02:53 PM
We host a clients domain which has over 100 email accounts. The client has a dedicated IP address to connect to the internet. Every couple of days a user tries to brute force cpanel from the clients network with incorrect passwords and the IP gets blocked at the server by CSF. Due to this all email communication is blocked and the client is unable to connect to the server until the IP is removed from the firewall. If we whitelist the IP, it gives the rogue user on the network a free run to brute force. It we don't whitelist the IP, it will continue to be blocked whenever the user attempts to brute force. What changes can we do on our server or csf to ensure that the IP can be whitelisted but multiple brute force attempts are prevented from the network?
Posted by GOT, 09-12-2011, 02:07 PM
In the firewall, either IP is blocked or its not. Once they trigger the brute force sensor in LFD, then that IP is going to get blocked. You can make it a temporary block if that helps matters. Also, there are two 'whitelists' one is csf.allow which means all ports are open to the IPs in that list, and there is csf.ignore which tells lfd not to check an IP for brute force attacks.


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
KVM-over-IP for BIOS Access (Views: 577)
CSF ssh error - Did not receive identification string (Views: 593)
Reseller Secrets and Solutions (Views: 588)
One ip for both nameserver (Views: 562)
host pop3d: authentication error: Input/output error (Views: 604)


Language:

Client Menu

 

Client Login

Email

Password

Remember Me

Search



  
 

Clients

Hosting

VPS Hosting

About Us

Contact Us

Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.