Bobcares.com provides white-labeled end-user tech support to hosting providers. Some of our customers use cPanel & WHM servers, and on these servers end users often complain about IP blocks caused by the cPanel firewall (aka cpHulk).
In support tickets, users often request disabling the cPanel firewall, but we advise against it.
Don’t disable cPanel firewall. Here’s why.
Web hosts lose hundreds or even thousands of dollars every year due to IP blacklisting. Angry customers who see their mails bouncing, websites blacklisted and online sales plummeting cancel their accounts, and leave bad reviews about the hosting provider, which depletes customer base and drives down sales.
IPs get blacklisted due to spamming and malware infection, and a popular way hackers do it is by gaining access to valid accounts using Brute Force Attacks.
cPanel’s solution to Brute Force Attacks is cpHulk, which blocks an IP if there are successive login failures (usually the sign of brute forcing) to SMTP, POP, FTP or Admin services.
So, disabling the cPanel firewall just swaps one problem for another, which is why we always recommend keeping the firewall on.
Why cPanel firewall (cpHulk) blocks valid users
If the cPanel firewall is designed to keep hackers out, why is it blocking valid users, right?
Well, some customers forget to update their new password in mail clients, FTP clients or password managers. It causes these programs to repeatedly retry logging in using invalid login details, which mimics a brute force login attempt. We’ve seen many variations of this issue:
- Users having multiple devices forget to update password in one of them.
- Everyone sharing an office IP gets blocked because one staff member forgot to update their password.
- Mail/FTP settings misconfiguration.
- ...and more
What we do to prevent valid IPs from being blocked
Our support services consist of two parts – (1) Fixing issues reported by customers and (2) Preventive maintenance to resolve recurring issues.
When a customer submits a ticket to unblock their IP, we do it within a few minutes, but more importantly, we look through the logs to see WHY a valid IP was blocked in the first place. If the IP was blocked because firewall sensitivity is too tight, we tweak cpHulk settings so that similar issues are avoided in the future.
In addition to this, we audit the support queue periodically to check if there’s a rise in a particular category of tickets, and if so, what we can do to prevent it. So, if there’s a spike in IP block issues, we review the firewall settings, and make changes so that valid users are not affected any more.
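One way to do the log review described above, as an added example (not Bobcares' tooling or cPanel code): it separates a stale-password client from failures spread over many accounts. The log line format, the thresholds and the labels are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample in an assumed format (not cpHulk's own log format):
#   <timestamp> <service> <username> <source IP> <OK|FAIL>
def _lines(service, user, ip, result, count):
    return [f"2024-05-01T09:00:{i:02d} {service} {user} {ip} {result}" for i in range(count)]

SAMPLE_LOG = "\n".join(
    _lines("imap", "alice@example.com", "203.0.113.10", "FAIL", 6)    # one mail client retrying
    + _lines("imap", "bob@example.com", "198.51.100.7", "OK", 3)      # office IP, working users
    + _lines("ftp", "carol@example.com", "198.51.100.7", "OK", 2)
    + _lines("smtp", "dave@example.com", "198.51.100.7", "FAIL", 5)   # one colleague, old password
    + [l for u in ("admin", "root", "info", "test", "sales", "webmaster")
       for l in _lines("ftp", u, "192.0.2.55", "FAIL", 1)]            # many usernames, one source
    + _lines("pop3", "erin@example.com", "192.0.2.99", "FAIL", 2)     # below threshold
)

def classify_sources(log_text, min_failures=5, max_stale_users=2):
    """Return {ip: label} for each source IP with at least min_failures failed logins."""
    failed = defaultdict(lambda: defaultdict(int))  # ip -> username -> failure count
    succeeded = defaultdict(set)                    # ip -> usernames that logged in OK
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        _ts, _service, user, ip, result = parts
        if result == "FAIL":
            failed[ip][user] += 1
        elif result == "OK":
            succeeded[ip].add(user)
    labels = {}
    for ip, users in failed.items():
        if sum(users.values()) < min_failures:
            continue  # too few failures to have triggered a block
        if len(users) > max_stale_users:
            labels[ip] = "many-accounts"                 # failures spread over many usernames
        elif succeeded[ip] - set(users):
            labels[ip] = "shared-ip-stale-password"      # other users on this IP log in fine
        else:
            labels[ip] = "single-client-stale-password"  # one account failing repeatedly
    return labels

if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(ip, label)
```

The two stale-password labels are the cases where unblocking and relaxing sensitivity or whitelisting the office IP makes sense; the many-accounts label is the pattern the block exists to stop.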
For VPS hosting clients who do not want to meddle with cpHulk settings, we use pre-configured alternate cPanel firewalls like CSF/LFD, APF/BFD, Fail2Ban, and more. We use tried and tested firewall settings for VPS customers, which don’t cause invalid blocks.
Alternatives to cpHulk
While cpHulk is the default cPanel firewall, there are alternate 3rd party and open source firewalls that we’ve used with cPanel. In cases where maintaining cpHulk proved to be too much of a hassle, we’ve used one of these:
- CSF/LFD (ConfigServer Security & Firewall / Login Failure Daemon) – This tool has a WHM interface, and offers more modular controls than cpHulk.
- Fail2Ban – This tool is popular among Plesk users and the general Linux community, but works well with cPanel as well.
- APF/BFD (Advanced Policy Firewall / Brute Force Detection) – APF is an older firewall for hosting servers, but it still works well if configured correctly.
Conclusion
IP blocks can be a hassle, but disabling cPanel firewall to avoid IP blocks will just make your server vulnerable. We provide white-labeled tech support for hosting companies, and for these customers we prevent invalid IP blocks by adjusting cpHulk sensitivity settings, or by using alternate cPanel firewalls like CSF/LFD or Fail2Ban.
If you would like to know how to avoid downtime for your customers due to cPanel IP blocks, we would be happy to talk to you.