Install fail2ban with CSF/LFD in cPanel; sample jail.conf config file
Below is an annotated jail.conf file for use on a cPanel server with the CSF firewall installed. This file is correct for most servers, but the comments have been included here for advanced users and the curious.
Important: This jail.conf is confirmed to work, unlike the one available by default in the RPMforge repositories. Notice that [apache-tcpwrapper], [apache-badbots] and [php-url-fopen] are still set to false. I'm currently testing those, to see how well these work with cPanel. Most of the settings available by default were going to conflict with CSF/LFD, and were thus removed to prevent accidentally being enabled. Only the [wordpress] is set to true -- and that's the jail/filter for blocking WordPress brute logins. See the full guides for installing fail2ban on a cPanel, DirectAdmin or Virtualmin server at:
Quote:
From my recent experiences and penetration tests, I found out that DenyHosts works better and is simpler to use than Fail2ban, and Fail2ban fails at some of the most unexpected times.
Quote:
The primary reason for installing it on a cPanel (or DirectAdmin or Virtualmin) server is so that it can block brute force attempts on WordPress or Exim. Otherwise there's really no reason to install it. It would be nice if DenyHosts could be used here, too -- especially since there are supposedly ways to also make it run under Windows. (See method here.) There's a WordPress plugin named "DenyHosts", but it has to do with the DenyHosts service. It's just one of those useless plugins that claims to "block" brute force traffic, but really does not. Sadly, there's no port for fail2ban for Windows, as it would be quite popular. We have RdpGuard, but it doesn't work with applications like WordPress -- just RDP and SQL server. * Note: As we mentioned in the guides, get a good VPS from somebody like EuroVPS or Ninja Hawk. Get a VPS with at least 1GB of RAM, and you'll be fine. That's really the minimum recommended for a cPanel server anyway. If you're using Virtualmin or DirectAdmin, the panel uses less RAM, but 1GB is still recommended because of the services -- mail, anti-spam, firewalls, etc.
Correct me if I am wrong, but don't cPanel's built-in brute-force (cPHulk) protector and CSF do pretty much the same thing?
Nope, it's not the same. I wrote this on WHT last year:
Quote:
Ahh, I see. Well, that was nice to know. Regardless of the facts, after implementing firewalls and DenyHosts, my final step is to lock everything to limited IPs so that it can only be accessed from the company VPN.
Followed the guide to install fail2ban and have also used your example jail.conf file above, since I am running cPanel with CSF and WordPress. The only part I cannot find some good advice on is the setting up of the /etc/fail2ban/filter.d files. You mention in the guide to refer to additional guides on The Digital FAQ or elsewhere. Can you suggest a configuration or guide to follow that will work with the jail.conf file given above?
Thanks for the step-by-step install though, it was very easy to follow and I liked the explanations of what I was doing, unlike some guides. Cheers
Quote:
Code:
[INCLUDES] Quote:
An update for this is being discussed at: http://www.digitalfaq.com/forum/web-...-blocking.html
Read that too!
Site design, images and content © 2002-2024 The Digital FAQ, www.digitalFAQ.com