Monthly Archives: June 2019

Deny ALL connections with CSF

In this article, we will show how you can temporarily block server access with the use of CSF. CSF (ConfigServer Security & Firewall) is a powerful firewall for Linux systems.

First of all, you must make sure to whitelist your own IP. Use:

csf -a yourIP

root@www [/]# csf -a 192.168.11.11
Adding 192.168.11.11 to csf.allow and iptables ACCEPT...
root@www [/]#

To deny all inbound connections to all server services use:

csf -td 0.0.0.0/0 30 -d in "block all inbound connections for 30 seconds"

To deny all inbound connections to port 80 (Apache server), use:

csf -td 0.0.0.0/0 30 -p 80 -d in "block all inbound connections to port 80 for 30 seconds"

root@www [/]# csf -td 0.0.0.0/0 30 -p 80 -d in "block all inbound connections to port 80 for 30 seconds"
csf: 0.0.0.0/0 blocked on port 80 for 30 seconds inbound

To check the status of the previous temporary blocked IP(s), use:

csf -t

root@www [/]# csf -t
DENY  0.0.0.0/0                                 80    in    24s              block all inbound connections for 30 seconds

If you want to remove the IP(s) ahead of time:

csf -tr 0.0.0.0/0

Resources:
https://configserver.com/cp/csf.html

Share this post:

WP-CLI is included on all our web hosting plans

We are glad to announce that the WP-CLI (the command-line interface for WordPress) system is included on all our web hosting plans. Regardless of your web hosting plan, you have access now to the wp-cli commands.

wp cli logo

If you have any questions/comments about WP-CLI, please submit a ticket and we’ll be happy to help you. All our support technicians are provident in working with WP-CLI commands & scripts.

Check out our offers of wp-cli shared hosting and wp-cli reseller hosting plans.

Resources:
https://www.plothost.com/kb/tag/wp-cli/

Share this post:

Block users access to PHP directives

cPanel allows users to modify PHP directives on a per-directory basis. For more information on this feature check the link from the bottom of this article. Mainly a cPanel user will have to create a .user.ini file in the home directory (or any other directory) and he/she will be able to set new values for PHP directives. An example:

max_execution_time=100
memory_limit=128
etc.

.user.ini files

To limit this permission, as an admin, you will need to edit the main PHP configuration file on the server:

  1.  Log into WHM as root
  2. Navigate to Software >> MultiPHP INI Editor >> Editor Mode tab
  3. Choose the PHP version for which you want to disable .user.ini file permission.
  4. Search for “.user.ini” text. You will see the “php.ini Options” section of the configuration file
  5. In order to disable the .user.ini permission, you should comment out the line “user_ini.filename =” The “php.ini Options” section should look like:
    ;;;;;;;;;;;;;;;;;;;;
    ; php.ini Options ;
    ;;;;;;;;;;;;;;;;;;;;
    ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
    ;user_ini.filename = ".user.ini" 
    
    ;To disable this feature set this option to empty value
    user_ini.filename =
    
    ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
    ;user_ini.cache_ttl = 300
  6. Click the Save button
If you are using multiple PHP versions you should do the same changes to all PHP configuration files.

Now your cPanel users will not be able to use .user.ini files to modify PHP directives.

Resources:
https://php.net/manual/en/configuration.file.per-user.php
https://documentation.cpanel.net/display/CKB/How+to+Customize+PHP+Directives

Share this post: