This tutorial covers WHM security tips for a safer server.
Most people use cPanel & WHM servers, and on these servers end users often complain about IP blocks caused by the cPanel firewall (aka cpHulk).
Don’t disable cPanel firewall. Here’s why.
Web hosts lose hundreds or even thousands of dollars every year due to IP blacklisting. Angry customers who see their mails bouncing, websites blacklisted and online sales plummeting cancel their accounts and leave bad reviews about the hosting provider, which depletes the customer base and drives down sales.
IPs get blacklisted due to spamming and malware infection, and a popular way hackers do it is by gaining access to valid accounts using Brute Force Attacks.
cPanel’s solution to Brute Force Attacks is cpHulk, which blocks an IP if there are successive login failures (usually the sign of brute forcing) to SMTP, POP, FTP or Admin services.
So, disabling the cPanel firewall just swaps one problem for another, which is why we always recommend keeping the firewall on.
Why cPanel firewall (cpHulk) blocks valid users
If the cPanel firewall is designed to keep hackers out, why is it blocking valid users, right?
Well, some people forget to update their new password in mail clients, FTP clients or password managers. It causes these programs to repeatedly retry logging in using invalid login details, which mimics a brute force login attempt. I’ve seen many variations of this issue:
- Users with multiple devices forget to update the password on one of them.
- Everyone sharing an office IP is blocked because one staff member forgot to update their password.
- Mail/FTP settings misconfiguration.
- ...and more
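The sketch below is an added example, not cPanel or cpHulk code. It shows why a failure-count threshold catches both cases described above, and how counting distinct usernames per source IP helps tell a stale saved password from credential guessing. The log format, the sample lines, the threshold and the window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed logins: "timestamp service source-ip username".
# This is not cpHulk's own log format.
SAMPLE_LOG = """\
2024-05-01T09:00:00 imap 203.0.113.10 alice@example.com
2024-05-01T09:03:00 imap 203.0.113.10 alice@example.com
2024-05-01T09:06:00 imap 203.0.113.10 alice@example.com
2024-05-01T09:09:00 imap 203.0.113.10 alice@example.com
2024-05-01T09:12:00 imap 203.0.113.10 alice@example.com
2024-05-01T09:01:00 ftp 198.51.100.7 admin
2024-05-01T09:01:05 ftp 198.51.100.7 root
2024-05-01T09:01:09 ftp 198.51.100.7 test
2024-05-01T09:01:14 ftp 198.51.100.7 webmaster
2024-05-01T09:01:20 ftp 198.51.100.7 backup
2024-05-01T09:30:00 smtp 192.0.2.44 bob@example.com
2024-05-01T11:45:00 smtp 192.0.2.44 bob@example.com
"""

def parse(log):
    """Turn log text into (time, service, ip, user) tuples; skip lines without four fields."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, service, ip, user = parts
            events.append((datetime.fromisoformat(ts), service, ip, user))
    return events

def triage(events, max_failures=5, window=timedelta(minutes=15)):
    """Classify each IP that reaches max_failures within window.

    max_failures and window are assumed values, not cpHulk defaults.
    """
    by_ip = defaultdict(list)
    for event in sorted(events):
        by_ip[event[2]].append(event)
    verdicts = {}
    for ip, evs in by_ip.items():
        for i in range(len(evs) - max_failures + 1):
            burst = evs[i:i + max_failures]
            if burst[-1][0] - burst[0][0] <= window:
                users = {user for _, _, _, user in burst}
                # One account: check that user's clients first (it can still be
                # targeted guessing). Several accounts: consistent with brute force.
                verdicts[ip] = "single-account" if len(users) == 1 else "multi-account"
                break
    return verdicts

if __name__ == "__main__":
    for ip, verdict in triage(parse(SAMPLE_LOG)).items():
        print(ip, verdict)
```

Both 203.0.113.10 and 198.51.100.7 cross the same threshold and would be blocked alike; only the username spread separates them, and 192.0.2.44 never reaches the threshold.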
What we do to prevent valid IPs from being blocked
If the IP was blocked because firewall sensitivity is too tight, we tweak cpHulk settings so that similar issues are avoided in the future.
For VPS hosting clients who do not want to meddle with cpHulk settings, we can use pre-configured alternate cPanel firewalls like CSF/LFD, APF/BFD, Fail2Ban, and more.
Alternatives to cpHulk
While cpHulk is the default cPanel firewall, there are alternate 3rd party and open source firewalls that we’ve used with cPanel. In cases where maintaining cpHulk proved to be too much of a hassle, we’ve used one of these:
- CSF/LFD (ConfigServer Security & Firewall / Login Failure Daemon) – This tool has a WHM interface, and offers more modular controls than cpHulk.
- Fail2Ban – This tool is popular among Plesk users and the general Linux community, but works well with cPanel as well.
- APF/BFD (Advanced Policy Firewall / Brute Force Detection) – APF is an older firewall for hosting servers, but it still works well if configured correctly.
IP blocks can be a hassle, but disabling the cPanel firewall to avoid IP blocks will just make your server vulnerable.
Prevent invalid IP blocks by adjusting cpHulk sensitivity settings, or by using alternate cPanel firewalls like CSF/LFD or Fail2Ban.