
Whitelist an IP in CSF for remote MySQL connections

ConfigServer Security & Firewall (csf) is a popular firewall for Linux web servers, and many cPanel servers use it. By default, csf blocks incoming connections to the MySQL port, 3306.
Suppose you have a client that requires a direct connection to the MySQL server. Opening port 3306 to the public is not a good idea. Instead, you can set up a rule in csf that allows incoming MySQL connections only from specific IP addresses.

 

csf WHM Interface

For this, you will need to edit the file /etc/csf/csf.allow:

####################### ##########################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ##########################
# The following IP addresses will be allowed through iptables.
# One IP address per line.
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
# Only list IP addresses, not domain names (they will be ignored)
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# See readme.txt for more information
#
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore

 

Add the following lines to the file /etc/csf/csf.allow (replace 192.168.1.0 with the desired IP):

tcp|in|d=3306|s=192.168.1.0
udp|in|d=3306|s=192.168.1.0

Restart csf, and that IP will be able to connect to the MySQL/MariaDB server.
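One way to script the csf.allow step with input checking, as an added example that is not part of the original post or of csf itself: it refuses hostnames and overly broad CIDR blocks, and emits only the TCP rule, since the MySQL client protocol runs over TCP. The function names, `ALLOW_FILE` and `MIN_PREFIX` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: build and append a csf.allow rule for MySQL (3306/tcp).
# ALLOW_FILE and MIN_PREFIX are assumptions of this sketch, not csf options.
ALLOW_FILE="${ALLOW_FILE:-/etc/csf/csf.allow}"
MIN_PREFIX=24   # refuse any CIDR block broader than a /24

# valid_source IP[/PREFIX]: succeed only for a dotted-quad IPv4 address with
# an optional prefix length between MIN_PREFIX and 32 (no hostnames).
valid_source() {
    src=$1
    ip=${src%%/*}
    prefix=32
    case $src in */*) prefix=${src#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case $ip in *.|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip          # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# mysql_allow_rule SRC: print the advanced-filter line for inbound 3306/tcp.
mysql_allow_rule() {
    valid_source "$1" || { echo "refusing source: $1" >&2; return 1; }
    printf 'tcp|in|d=3306|s=%s\n' "$1"
}

# add_mysql_allow SRC: append the rule unless the exact line already exists.
add_mysql_allow() {
    rule=$(mysql_allow_rule "$1") || return 1
    grep -qxF -e "$rule" "$ALLOW_FILE" 2>/dev/null && return 0
    printf '%s\n' "$rule" >> "$ALLOW_FILE"
}
# Usage (as root): add_mysql_allow 192.168.1.0 && csf -r
```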


Whitelist Google, Bing, Yahoo, Yandex, Baidu bots in csf and mod_security

ConfigServer Security & Firewall, or csf for short, is a popular firewall solution for cPanel servers. Combined with some good rules for mod_security, it does a great job.
To prevent csf from temporarily or permanently blocking the IPs of good bots, edit the file /etc/csf/csf.rignore:

####################### ##########################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ##########################
# The following is a list of domains and partial domain that lfd process
# tracking will ignore based on reverse and forward DNS lookups. An example of
# its use is to prevent web crawlers from being blocked by lfd, e.g.
# .googlebot.com and .crawl.yahoo.net
#
# You must use either a Fully Qualified Domain Name (FQDN) or a unique ending
# subset of the domain name which must begin with a dot (wildcards are NOT
# otherwise permitted)
#
# For example, the following are all valid entries:
# www.configserver.com
# .configserver.com
# .configserver.co.uk
# .googlebot.com
# .crawl.yahoo.net
# .search.msn.com
#
# The following are NOT valid entries:
# *.configserver.com
# *google.com
# google.com (unless the lookup is EXACTLY google.com with no subdomain
#
# When a candidate IP address is inspected a reverse DNS lookup is performed on
# the IP address. A forward DNS lookup is then performed on the result from the
# reverse DNS lookup. The IP address will only be ignored if:
#
# 1. The results of the final lookup matches the original IP address
# AND
# 2a. The results of the rDNS lookup matches the FQDN
# OR
# 2b. The results of the rDNS lookup matches the partial subset of the domain
#
# Note: If the DNS lookups are too slow or do not return the expected results
# the IP address will be counted towards the blocking trigger as normal
#

Add the following lines to /etc/csf/csf.rignore file:

.googlebot.com
.crawl.yahoo.net
.search.msn.com
.google.com
.yandex.ru
.yandex.net
.yandex.com
.crawl.baidu.com
.crawl.baidu.jp

csf blocks an IP when that host has been blocked a number of times by a mod_security rule. So we must go to the root of the problem: we will create mod_security rules to allow good bots.
For this, we will edit the mod_security .conf files. If you are using cPanel EasyApache 4, add the following lines to the file /etc/apache2/conf.d/modsec/modsec2.user.conf

HostnameLookups On
SecRule REMOTE_HOST "@endsWith .googlebot.com" "allow,log,id:5000001,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .google.com" "allow,log,id:5000002,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .search.msn.com" "allow,log,id:5000003,msg:'msn bot'"
SecRule REMOTE_HOST "@endsWith .crawl.yahoo.net" "allow,log,id:5000004,msg:'yahoo bot'"
SecRule REMOTE_HOST "@endsWith .yandex.ru" "allow,log,id:5000005,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.net" "allow,log,id:5000006,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.com" "allow,log,id:5000007,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.com" "allow,log,id:5000008,msg:'baidu bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.jp" "allow,log,id:5000009,msg:'baidu bot'"

After adding these lines, restart the Apache web server. After some time, you will see entries in the server logs. Check them in WHM -> Security Center -> ModSecurity™ Tools -> Hits List, or from the command line:

root@web [/]# grep "500000" /usr/local/apache/logs/error_log | tail -30
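The reverse-then-forward DNS test that the csf.rignore header describes, and that hostname-based allow rules rely on, as an added shell example (not csf, lfd or ModSecurity code); `ptr_lookup`, `a_lookup`, `matches_rignore`, `verified_crawler` and the `RIGNORE` sample list are hypothetical names. Apache's `HostnameLookups On` performs only the reverse lookup, while `HostnameLookups Double` also performs the forward confirmation shown here.

```shell
#!/bin/sh
# Added example: rDNS match plus forward confirmation for a candidate IP.
# RIGNORE is a sample list in csf.rignore syntax (assumption of this sketch).
RIGNORE=".googlebot.com .search.msn.com .crawl.yahoo.net"

# Resolver wrappers around dig(1); replace them to test without network access.
ptr_lookup() { dig +short -x "$1" | sed -n '1s/\.$//p'; }   # IP -> hostname
a_lookup()   { dig +short A "$1"; }                          # hostname -> IPs

# matches_rignore HOST: succeed if HOST equals an FQDN entry or ends with a
# dot-prefixed entry (".googlebot.com" matches crawl-1.googlebot.com, but
# neither "googlebot.com" nor "evilgooglebot.com").
matches_rignore() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    for entry in $RIGNORE; do
        case $entry in
            .*) case $host in *"$entry") return 0 ;; esac ;;
            *)  [ "$host" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# verified_crawler IP: succeed only when the PTR name matches the list AND a
# forward lookup of that name returns the original IP. A PTR record alone is
# controlled by whoever owns the IP block, so it proves nothing by itself.
verified_crawler() {
    name=$(ptr_lookup "$1")
    [ -n "$name" ] || return 1
    matches_rignore "$name" || return 1
    a_lookup "$name" | grep -qxF -e "$1"
}
# Usage: verified_crawler "$ip" && echo "$ip is a confirmed crawler"
```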

 

cPanel Mod_Security Logs

Resources:
https://webmasters.googleblog.com/2006/09/how-to-verify-googlebot.html
https://yandex.com/support/webmaster/robot-workings/check-yandex-robots.xml
https://www.bing.com/webmaster/help/how-to-verify-bingbot-3905dc26
https://github.com/SpiderLabs/ModSecurity/wiki/


How to check if a domain is on the server

You have a lot of domains and you want to quickly check if a domain exists on the server. Just run the shell command: grep yourdomain /etc/userdomains

root@web [~]# grep demo.plothost.com /etc/userdomains
demo.plothost.com: plothost
root@web [~]#

In this case, the domain “demo.plothost.com” exists and it belongs to user “plothost”.

You may also want to know if the domain resolves to your server/IP. Use:

root@web [~]# dig demo.plothost.com

; <<>> DiG 9.9.0-RedHat-9.9.0-38.el7_3.2 <<>> demo.plothost.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30116
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;demo.plothost.com.             IN      A

;; ANSWER SECTION:
demo.plothost.com.      5388    IN      A       162.255.100.100

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 20 04:11:52 PDT 2017
;; MSG SIZE  rcvd: 62

root@web [~]#

If the domain has a cPanel account, you can search for it in WHM -> Account Information -> List Accounts.

WHM Search Account



How to restart cPanel/WHM

Ever wanted to restart the cPanel/WHM system? There is no need to restart your operating system. You can restart only the cPanel/WHM system with a simple command.
You need to be logged in as root via SSH. Execute the following command:

# /etc/init.d/cpanel restart

If you need any assistance please contact your host.


How to restart a service via WHM interface

cPanel/WHM offers a nice graphical interface to restart important services like Apache, FTP, MySQL, etc.
First, log in to WHM as root. Go to the Restart Services menu, as in the image below.
restart services

From here, select the service you want to restart and click the “Yes” button, as in the following image.
restart services 2
The example is for the pure-ftpd service, but the interface is the same for all other services.

After the service is successfully restarted, you will get a message like:

Waiting for ftpserver to restart………finished.
pure-ftpd (pure-ftpd (PRIV)) running as root with PID 4062 (process table check method)
pure-authd (/usr/sbin/pure-authd -s /var/run/ftpd.sock -r /usr/local/cpanel/bin/pureauth) running as root with PID 4050 (pidfile check method)
ftpserver started ok

The result looks like this:
restart services 3

For more details please visit the official support page at cPanel Documentation
