How to Prevent CWP BruteForce?

Hi, I hope someone can help me

1. Does CWP have CPhulk like Cpanel? It basically blocks all Countries except for one configured country.

2. Also, How to prevent Bruteforce? I followed this tutorial:
https://wiki.centos-webpanel.com/csf-lfd-brute-force-protection

However, the IP address of the user that has been detected by CSF is not accurate. I think the IP is like changing every minute even without using VPN. Maybe because of the use of Cloudflare. Because if you register any domain, users can easily access the control panel without actually knowing the main hostname.

For example, if the hostname you set when installing the CWP is hostname.com, and if you or your panel's users register https://testing.com in their control panel, they can easily add 2087 and 2083 ports to access the admin and user panel. e.g. https://testing.com:2083 - user panel, https://testing.com:2087 or https://testing.com:2031- admin panel.

Are there also any ways to prevent that?

3. How to change the control panel ports: 2083, 2087, 2030, 2031 to something different? Thanks

I am new on CWP I just migrated from Cpanel yesterday. Thanks

1. probably the best is to use IP Access control with LFD for admin/root.
https://wiki.centos-webpanel.com/ip-access-control

port change is not recommended as It could break the functionality of the panel.

Hi, I hope someone can help me

1. Does CWP have CPhulk like Cpanel? It basically blocks all Countries except for one configured country.

2. Also, How to prevent Bruteforce? I followed this tutorial:
https://wiki.centos-webpanel.com/csf-lfd-brute-force-protection

However, the IP address of the user that has been detected by CSF is not accurate. I think the IP is like changing every minute even without using VPN. Maybe because of the use of Cloudflare. Because if you register any domain, users can easily access the control panel without actually knowing the main hostname.

For example, if the hostname you set when installing the CWP is hostname.com, and if you or your panel's users register https://testing.com in their control panel, they can easily add 2087 and 2083 ports to access the admin and user panel. e.g. https://testing.com:2083 - user panel, https://testing.com:2087 or https://testing.com:2031- admin panel.

Are there also any ways to prevent that?

3. How to change the control panel ports: 2083, 2087, 2030, 2031 to something different? Thanks

I am new on CWP I just migrated from Cpanel yesterday. Thanks

Anyone watching this, CWP already has this configured out of the box AND it blocks Wordpress login and xmlrpc attacks as well with no configuration required.

3. How to change the control panel ports: 2083, 2087, 2030, 2031 to something different? Thanks

I too am a cPanel migrant as of a few years back; now I am all-in on CWP (apart from 2 servers that are purpose-built and have Webmin for a web panel). You can definitely do away with port 2087, as that is just there to "ape" WHM's port choice. I would also also suggest doing away with port 2030, as vanilla http connections should always be upgraded to https versions where possible. Simply eliminating 2087 and 2030 in the firewall rules will suffice to end some attacks. I run with just 2083 & 2031 active.

CSF support blocking & allowing country codes using CC_DENY = "" and CC_ALLOW = ""

e.g. to block Chinese country code IP's: CC_DENY = "CN"

Right, I do that too in CSF. I simply follow the guidance of looking up the top 10 hacking country sources and apply those as the CC_DENY list, minus any countries that may be clients or browser visitors on the server. I just wanted to avoid "naming names" here so as not to offend anyone on the forum who may happen to reside in those countries

i just block these .. "CN,PK,NG,BD,IR,KZ,BY"

Just note that your clients will then be unable to directly communicate with AliBaba/AliExpress vendors. I am now getting bounce messages and stuck messages in my queues after blocking CN.

port change is not recommended as It could break the functionality of the panel.

And this is no longer true, if it ever was. I run CWP in HTTPS only and only on an alternate port:
https://azdigi.com/blog/en/webserver-panel-en/centos-web-panel-en/how-to-change-the-port-on-centos-web-panel-cwp/

Just note that your clients will then be unable to directly communicate with AliBaba/AliExpress vendors. I am now getting bounce messages and stuck messages in my queues after blocking CN.

wait.. it should block visitors from these locations .. communication will remain via other mediums

It blocks their e-mails; they will get stuck in your mail queues.

ah ok i see, i prefer my customers using gsuite for reliable email delivery