cPanel & WHM Version 108 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

STOP Attacker before attack happen

Stas shared this idea 6 years ago
Open Discussion

As a server administrator I would like cPanel to integrate with third-party monitoring services to allow me to filter traffic in my sever's firewall according to IP addresses managed by third parties, allowing me to more easily block traffic from known-malicious IPs that have no reason to log into my server.

For example, I would input the URL of a third party monitoring service, and cPanel would regularly ensure that the IP addresses in that third party list were blocked in my firewall.

Replies (7)


Isn't this already possible with mod security ?

You might also want to check out CloudLinux's Imunify 360 that does this as part of their product.



As we know it isn't.

We like use share database of low reputation IP addresses which do not have access to the server like SPAM blacklist.


Abuser attack server A. Server A report abuser IP address to share database.

All other services who use share databases prevent any interaction with abuser IP address.

IP address on this list cannot connect to the server.


Hi Stas,

It turns out malicious servers scan our networks by IP range and when security system bock, it go to the next IP.

It is for this reason that our Security Operations Center has put a security information management system (SIM) in order to view and manage thoses attacks and block them preventively on our other servers.

The BlockingList is very easy to use, go to WHM >> ConfigServer Security & Firewall >> lfd Blocklist and add this code at the end of file:

  1. # GreenSnow Hack List
  2. # Details:
  3. GREENSNOW|3600|0|

Enjoy tranquility !

If you wish to participate in the blocklist with honeypots, please contact me via the contact page.


modsec is for amateurs...

Look at CSF blocklists..... also :, which uses csf iptables

This will help you for most virulent ones, but you can't fight the whole world, since 10% IPs are bad :). Don't overcharge csf iptables, this can lead to a freeze of CSF, then server crash

We use nginx, and map custom settings to block big list when we want, just an exmaple, custom security is not on catalogue, and is large... We block countries like RU, CN, UA (because most come from here), and client can allow them if he wants thanks to an advanced nginx plugin system too....


Thank you!

We found this "csf.blacklist". And it could be that what we are searching for.

How it works map custom settings for big list?


You can also add list. I added this to my servers a few months ago and it made a word of differnece.



Leave a Comment
Attach a file