How/Where can i block an IP from cPanel?

Tearabite · December 15th, 2006, 4:35 PM

For the last few days i've been seeing the same IP attempted logons via varius ports thousands of times.
How/where can i block this IP?
If i block it via HTACCESS that wont work because he's not trying to log into the site itself, right?

Perhaps i should post the IP here so that everyone can block it also?

**Gaia** · December 15th, 2006, 5:00 PM

You can block the IP in cPanel by going to the IP Deny Manager. I'm pretty sure that will give him a Server Not Found or Forbidden page when he tries to access your domain.

**mr_fern** · December 15th, 2006, 7:05 PM

Blocking through cpanel is the same as blocking in htaccess, which only applies to for access to the domain (and port 80).

If you want to block the IP completely, you'll need to log into SSH and block the ip using iptables

at the prompt, type:

iptables -I INPUT -s IP_ADDRESS_HERE -j DROP

which should block all requests that come in from that IP address

Tearabite · December 15th, 2006, 7:06 PM

Quote:

Originally Posted by Gaia

You can block the IP in cPanel by going to the IP Deny Manager. I'm pretty sure that will give him a Server Not Found or Forbidden page when he tries to access your domain.

It looks like all that does is add the IP to my hTACCESS file (because i see on that screen other IP's that have been previously added to htaccess)..

Will this prevent attempts to log into other ports/services such as FTP, email, etc?

**lonelydreamer** · December 15th, 2006, 8:25 PM

Put in a support ticket, they should be able to help you.

Tearabite · December 15th, 2006, 8:33 PM

I'm going to read up on the iptables option..

I've gone thru more logs and it seems there are many others banging away on my server (only not as bad as this particular one) .. Am i right in assuming that this is just a loosing battle of wack-a-mole and I shouldnt bother trying to block them or report them to their ISP?

FWIW, i reported these hack attempts to the ISP that owns the IP address - their AUP dept responded and said the customer had been warned/notifed. I assume this means that some 15 year old kid is going to get yelled at by his parents tonight..

**Jesse** · January 5th, 2007, 3:12 PM

Quote:

Originally Posted by Tearabite

I'm going to read up on the iptables option..

I've gone thru more logs and it seems there are many others banging away on my server (only not as bad as this particular one) .. Am i right in assuming that this is just a loosing battle of wack-a-mole and I shouldnt bother trying to block them or report them to their ISP?

FWIW, i reported these hack attempts to the ISP that owns the IP address - their AUP dept responded and said the customer had been warned/notifed. I assume this means that some 15 year old kid is going to get yelled at by his parents tonight..

Doh, my parents just yelled at me for some stupid reason about the internet! ... hehe JK
(I'm not really 15 anyhow :X)

Anyways, you can block IPs, ip ranges, set rules for events and if triggered can block ips. Also there many types of firewalls out there. What may work best for you is BFD (anti-brute force) accompanied by a firewall. This will basically help in rejecting alot of the unnecessary connection attempts and perhaps any successful ones :X

If you want this done, just shoot the helpdesk a ticket and we can get something installed for you.

Laibeus Lord · February 1st, 2007, 1:04 AM

I am assuming those attempted logins were attempts to login via SSH.

If so, install this to your box DenyHosts -> http://denyhosts.sourceforge.net or ask Surpass to install it for you. That will help you curb the SSH login spam, which is eating your resources in the long run

Island · February 6th, 2007, 3:29 AM

APF firewall is still a good option too.
http://www.rfxnetworks.com/apf.php
Once installed you can add the offending IP's to deny_hosts.rules

December 15th, 2006, 4:35 PM	#1 (permalink)
Tearabite Registered User Seasoned Poster Joined in Aug 2006 66 posts Gave thanks: 11 Thanked 0 times	How/Where can i block an IP from cPanel? For the last few days i've been seeing the same IP attempted logons via varius ports thousands of times. How/where can i block this IP? If i block it via HTACCESS that wont work because he's not trying to log into the site itself, right? Perhaps i should post the IP here so that everyone can block it also? Last edited by Tearabite; December 15th, 2006 at 4:39 PM..

December 15th, 2006, 5:00 PM	#2 (permalink)
Gaia Holy hell and a hippie On a golden path... Joined in Nov 2006 Lives in Canada Hosted on SH106 392 posts Gave thanks: 23 Thanked 25 times	You can block the IP in cPanel by going to the IP Deny Manager. I'm pretty sure that will give him a Server Not Found or Forbidden page when he tries to access your domain. __________________ \|\|http://eternal-realm.net \|\|http://usebbzone.com --------- Go There: Surpass Wiki ---------- \|\| SH106

December 15th, 2006, 7:05 PM	#3 (permalink)
mr_fern All Ur Base R Belong 2 Us Excelling Contributor Joined in Feb 2005 Lives in Vegas & New York 824 posts Gave thanks: 2 Thanked 6 times	Blocking through cpanel is the same as blocking in htaccess, which only applies to for access to the domain (and port 80). If you want to block the IP completely, you'll need to log into SSH and block the ip using iptables at the prompt, type: iptables -I INPUT -s IP_ADDRESS_HERE -j DROP which should block all requests that come in from that IP address __________________ Nobody doing nothing

February 6th, 2007, 3:29 AM	#9 (permalink)
Island Registered User Seasoned Poster Joined in Feb 2007 74 posts Gave thanks: 2 Thanked 5 times	APF firewall is still a good option too. http://www.rfxnetworks.com/apf.php Once installed you can add the offending IP's to deny_hosts.rules __________________ Digital Color Printing & Offset Printing Press Forum

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

December 15th, 2006, 8:25 PM	#5 (permalink)
lonelydreamer Surpass Fan Comfy Contributor Joined in Dec 2004 224 posts Gave thanks: 6 Thanked 19 times	Put in a support ticket, they should be able to help you.

December 15th, 2006, 8:33 PM	#6 (permalink)
Tearabite Registered User Seasoned Poster Joined in Aug 2006 66 posts Gave thanks: 11 Thanked 0 times	I'm going to read up on the iptables option.. I've gone thru more logs and it seems there are many others banging away on my server (only not as bad as this particular one) .. Am i right in assuming that this is just a loosing battle of wack-a-mole and I shouldnt bother trying to block them or report them to their ISP? FWIW, i reported these hack attempts to the ISP that owns the IP address - their AUP dept responded and said the customer had been warned/notifed. I assume this means that some 15 year old kid is going to get yelled at by his parents tonight..

February 1st, 2007, 1:04 AM	#8 (permalink)
Laibeus Lord Registered User Fresh Surpasser Joined in Feb 2005 Lives in Philippines 28 posts Gave thanks: 0 Thanked 0 times	I am assuming those attempted logins were attempts to login via SSH. If so, install this to your box DenyHosts -> http://denyhosts.sourceforge.net or ask Surpass to install it for you. That will help you curb the SSH login spam, which is eating your resources in the long run

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)