Author Topic: CWP add temporary allow ip on login control panel  (Read 1471 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CWP add temporary allow ip on login control panel
« on: March 27, 2024, 11:46:23 AM »
When I login the admin panel CWP add an temporary entry in csf to allow for 24 hours my own client IP.

I dont understand why my IP from where I loggin is added automatically in cwp/csf in section Temporary Allow and Deny IP entries.
I saw in iptables that the IP was added in Chain ALLOWIN after I've logged in CWP.
What is the default rule for port CWP accessing port 2031 in iptables : I saw policy INPUT drop and :
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2031

Is there a way to change this behaviour: I mean to not be added automatically IP in CWP after in logged in CWP (/var/lib/csf/csf.tempallow ) ? I would like to see the configuration for this behaviour
I want to understand what is this and how can I change in order not to be added my IP automatically:

Chain ALLOWIN (1 references)
target prot opt source destination
ACCEPT all -- [my IP] 0.0.0.0/0

Chain ALLOWOUT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 [my IP]


If for example a hacker succeed to login on cwp (steel the password etc ), cwp will add the hacker IP on temporary list then what is the benefit ?
i would like to know the advantages of the chain ALLOWIN

Thank you

Offline
*****
Re: CWP add temporary allow ip on login control panel
« Reply #1 on: March 27, 2024, 12:12:57 PM »
Note, in CWP,  CSF controls IPTables.

In CSF, TCP_IN, you can block ports 2030 & 2031, and just whitelist your IP address.
Whitelisted IP's have access to all ports, whether listed or not in TCP_IN.

That way you don't have to worry about hacker brute-forcing your login.

Offline
*****
Re: CWP add temporary allow ip on login control panel
« Reply #2 on: March 27, 2024, 06:19:59 PM »
Also consider changing your admin port from 2031 and/or 2087, which are commonly scanned by script kiddies. (And of course, you would NEVER use 2030 -- the port without SSL.)
https://azdigi.com/blog/en/webserver-panel-en/centos-web-panel-en/how-to-change-the-port-on-centos-web-panel-cwp/

Offline
*****
Re: CWP add temporary allow ip on login control panel
« Reply #3 on: March 28, 2024, 04:25:39 AM »
Also consider changing your admin port from 2031 and/or 2087, which are commonly scanned by script kiddies. (And of course, you would NEVER use 2030 -- the port without SSL.)
https://azdigi.com/blog/en/webserver-panel-en/centos-web-panel-en/how-to-change-the-port-on-centos-web-panel-cwp/

lol. 6969

Nice little KB, yours @overseer?

Offline
*****
Re: CWP add temporary allow ip on login control panel
« Reply #4 on: March 28, 2024, 06:25:19 PM »
No, just some Vietnamese site I came across once upon a time. It's in my notes for setting up a CWP server from scratch, so I point people to it as a suggestion for hardening a CWP install.