Web hosts lose thousands of dollars to server attacks. Data loss and downtime badly affects hosting credibility. Securing web servers from attacks is crucial for business success.

In our role as Outsourced hosting support specialists for web hosts, ensuring fool-proof server security is a major task we do to protect servers from hacks.  

cPanel firewalls – A boon or a curse?

cPanel servers come with a strong firewall combo – Config Server Firewall (CSF) and Login Failure Daemon (LFD). When configured right, they provide protection to the servers by preventing unauthorised access and malicious attacks.

By blocking IP addresses that reach a specific connection limit, the CSF firewall protects cPanel servers from port scan, SYN attacks, DOS attacks, etc.

But these firewalls have no intelligence of their own. They work based on how you configure it. If the rules are too relaxed, they may not serve the intended purpose.

The default settings of the cPanel CSF/LFD firewall allow only a limited number of access to the services such as website or email. If the firewall rules are set too tight, valid users get blocked and find it difficult to access their sites.

For instance, customers who save passwords in their devices may forget to update it after a change. Someone who is experimenting with his website can accidentally violate the security rules or exceed connection limits.

All such valid customers can also get blocked by the cPanel firewall rules. We’ve seen many instances where the end users complain to the web host about their site unavailability or missing emails.

How we help you get the best out of your cPanel firewalls

Too strict a firewall rule can prevent normal website functioning, whereas inadequate hardening can lead to hacks. Both these scenarios can cause an adverse effect on your hosting business, and may cost you anything from a few to thousands of dollars.

Every web host know how costly and stressful it is to acquire new customers, compared to the cost and efforts involved in retaining existing customers by ensuring them a stable and secure hosting service.

Though automated IP block software such as cPanel firewalls helps provide security and stability to servers, they lack adaptability and logic. But expert server specialists can tune them to deliver the best protection along with ensuring a normal functionality.

See how we help hosting companies!

At Bobcares, we install and configure server firewalls as a part of the initial server hardening and setup. With our expertise managing a multitude of cPanel hosting servers over the years, we know the ideal settings that suit each business type.

But we don’t stop with this one-time setup. As even a few failed logins can lead to the valid customer IP addresses being blocked, our server experts perform these tasks on an ongoing basis to ensure a smooth business run for web hosts.

1. Audit all cPanel firewall logs in the server once a week to make sure valid requests are not blocked.
2. By examining the pattern of IP blocks, we determine whether the firewall rules are strict server wide or specific to one customer.
3. Based on the reason for the IP blocks, we update the firewall configuration settings to avoid block of legitimate user access.
4. If the customer’s web or other application have any conflicting settings with the server firewall, we get that sorted out.
5. In cases where IP block issues are frequently noted for many users, we optimize the server firewall settings further.

Factors such as change in the number of accounts, traffic spike of web sites, end customer applications, etc, can have an impact on the adequacy of the cPanel firewall rules.

With our continual firewall maintenance process, which includes adding new rules based on impending new threats and modifying existing rules based on audits, we’ve been able to provide reliable and delightful experience to our customers.

Firewall misconfiguration is one of the top reasons for customer complaints in cPanel hosting servers. If you would like to know how to avoid downtime for your customers due to cPanel IP blocks, we would be happy to talk to you.