Tech

Permaban users on ConfigServer (CSF)

Hi all! For personal reasons, there is an IP address that I wish to permaban on ConfigServer (CSF). The address attempted a DDoS attack on my device and luckily failed. However, I do not exactly want to repeat the experience. How can I add this particular function anywhere on the system? I tried IP Tables but it did not work.

Actually, it’s useless

The chances are that these are like ghosts, which like a virus will propogate, so blocking them permanently would be a wasted effort.

Besides If there are too many IP’s then it’s impossible to figure out by seeing DDOS report, even if you do, they might generate another address and comes back with stronger and faster interval ping.

But if you insist here are the steps

Block an IP from WHM:

  1. Log in to WHM as root.

  2. Navigate to Plugins section, then to ConfigServer Security & Firewall

  3. Look for the Quick Deny section/button. Enter the IP/IP range in the red edit box. If you want, you can also add a comment in the next edit box.
    csf quick deny

  4. Click the Quick Deny button.

  5. The IP will be added to the block list – /etc/csf/csf.deny file – and you will see a confirmation message:
    csf add ip

  6. Click the Return button to return to the CSF main page.