How to Block an IP address in WHM/cPanel

Large number of failed Login attempts - Block IP using WHM/cPanel

cPanel is a web hosting control panel which is written in perl language for automating, server configuration, website management and email.. It supports Linux operating system. It is released under Proprietary license. In general the cPanel uses 3 tier structure for the administrators, end-users and the resellers to monitor and control activity in the server and website through the web browser.

Features of cPanel & WHM for security

  • Monitor the Servers to tighten security
  • Easy to upgrade from other control panel
  • Easy to use
  • Dependability
  • Provides good support

Every system administrator will have fear that the server should not be hacked. For example, If there is domain called example.com then the hackers may try to login with the user name as example and enter random passwords like example@123 etc.

To block anonymous user/IP

The system administrator can block the anonymous user by registering and licensing with cPanel.

The cPanel provides various options to block anonymous IP using the Brute Force Protection. If particular user is trying to access or login with bad user name and password, it waits for 5 attempts. For security reasons the system will temporarily block the IP address to prevent the further attempts and sends the mail notification of the specific IP address to the registered mail id.

The mail received has the information' s like remote IP address, Number of authentication failure, maximum number allowed etc.

To blacklist the IP address

Navigate to the cPanel page&rarr security center &rarr cPHulk Brute Force Protection &rarr click blacklist management.

cPHulk provides the protection from brute force attacks against web services.

Now add the anonymous IP address in the new blacklist records and click add as shown in the below image.

IP address on the blacklist can never log in to your server

Now the IP has successfully added to the blacklist.

Now we have protected our server from anonymous user through cPanel. We can add any number of IP address to the blacklist records.
Let us discuss about the other security options available in the security in the upcoming articles.

Tag : WHM cPanel
FAQ
Q
When I created a new account. Why does it show disk space usage in Cpanel?
A
When the terminated or deleted account may still have files that the previous user's UID owns. The new account assumes ownership of all files that the previous user owns. When those files are untarred on your server, they are assigned to the ownership of the account which has that UID.
Q
How do I block an IP address from my server?
A
You can block IP addresses with WHM's Host Access Control interface (WHM >> Home >> Security Center >> Host Access Control).
Q
How do I disable or enable WHM access from the command line?
A
try these to disable WHM access for all users, block incoming traffic on port 2086 and 2087.
Q
Why do I receive groupadd or useradd errors when I attempt to create a new account?
A
If these files do not contain the flag, run the following commands:
chattr -i /etc/passwd
chattr -i /etc/group
Q
Block IP addresses at the firewall level - Safe to uncheck?
A
Yes, the option to block IP addresses in cPHulk is not required, so you can disable it if you prefer to use CSF to prevent these types of attacks.