CSF is the best firewall for cPanel because of its rich Features
Config Server Firewall offers a wide range of protections for your VPS or dedicated server
Login authentication failure daemon:
CSF checks the logs for failed login attempts at regular time interval, and is able to recognize most unauthorized attempts to gain access to your cloud server. You can define the desired action CSF takes and after how many attempts in the configuration file.
The following applications are supported by this feature:
Courier imap, Dovecot, uw-imap, Kerio
cPanel, WHM, Webmail (cPanel servers only)
Pure-ftpd, vsftpd, Proftpd
Password protected web pages (htpasswd)
Mod_security failures (v1 and v2)
Exim SMTP AUTH
In addition to these, you are able define your own login files with regular expression matching. This can be helpful if you have an application which logs failed logins, but does block the user after specific number of attempts.
CSF can be configured to track processes in order to detect suspicious processes or open network ports, and send an email to the system administrator if any is detected. This may help you to identify and stop a possible exploit on your VPS.
Directory watching monitors the /temp and other relevant folders for malicious scripts, and sends an email to the system administrator when one is detected.
Enabling this feature allows CSF to send a more informative message to the client when a block is applied. This feature has both pros and cons. On one hand, enabling it provides more information to the client, and thus may cause less frustration for instance in case of failed logins. On the other hand, this provides more information, which might make it easier for an attacker to attack your VPS.
Port flood protection
This setting provides protection against port flood attacks, such as denial of service (DoS) attacks. You may specify the amount of allowed connections on each port within time period of your liking. Enabling this feature is recommended, as it may possibly prevent an attacker forcing your services down. You should pay attention to what limits you set, as too restrictive settings will drop connections from normal clients. Then again, too permissive settings may allow an attacker to succeed in a flood attack.
Port knocking allows clients to establish connections a server with no ports open. The server allows clients connect to the main ports only after a successful port knock sequence. You may find this useful if you offer services which are available to only limited audience.
Read more about port knocking
Connection limit protection
This feature can be used to limit the number concurrent of active connections from an IP address to each port. When properly configured, this may prevent abuses on the server, such as DoS attacks.
Port/IP address redirection
CSF can be configured to redirect connections to an IP/port to another IP/port. Note: After redirection, the source address of the client will be the server’s IP address. This is not an equivalent to network address translation (NAT).
In addition to command line interface, CSF also offers UI integration for cPanel and Webmin. If you are not familiar with Linux command line, you might find this feature helpful.
IP block lists
This feature allows CSF to download lists of blocked IP addresses automatically from sources defined by you.
How to install CSF firewall in cPanel server
1. Temporary directory to download the installation files
2. Remove already existing CSF source file
rm -fv csf.tgz
3. Download CSF source file
3. Extrace the downloaded file.
tar -xzf csf.tgz
4.Go to the extracted folder
5. Install it using the command below.
sh install.cpanel.sh For detaild instruction on how to install csf click here How to install CSF on cPanel server
Need our help to fix the issue ? Submit Support Ticket NowView Server Administration Packages