Control Web Panel

Security => CSF Firewall => Topic started by: legendsph on May 28, 2022, 09:54:19 PM

Title: How to Prevent CWP BruteForce?
Post by: legendsph on May 28, 2022, 09:54:19 PM
Hi, I hope someone can help me :)

1. Does CWP have cPHulk like cPanel? It basically blocks all countries except for one configured country.

2. Also, How to prevent Bruteforce? I followed this tutorial:
https://wiki.centos-webpanel.com/csf-lfd-brute-force-protection

However, the IP address of the user that has been detected by CSF is not accurate. I think the IP is like changing every minute even without using VPN. Maybe because of the use of Cloudflare. Because if you register any domain, users can easily access the control panel without actually knowing the main hostname.

For example, if the hostname you set when installing the CWP is hostname.com, and if you or your panel's users register https://testing.com in their control panel, they can easily add 2087 and 2083 ports to access the admin and user panel, e.g. https://testing.com:2083 - user panel, https://testing.com:2087 or https://testing.com:2031 - admin panel.

Are there also any ways to prevent that?

3. How to change the control panel ports: 2083, 2087, 2030, 2031 to something different? Thanks :)

I am new to CWP; I just migrated from cPanel yesterday. Thanks :)
Title: Re: How to Prevent CWP BruteForce?
Post by: studio4host on May 29, 2022, 06:32:52 AM
1. Probably the best is to use IP Access control with LFD for admin/root.
https://wiki.centos-webpanel.com/ip-access-control

Port change is not recommended as it could break the functionality of the panel.
Title: Re: How to Prevent CWP BruteForce?
Post by: thewebexpert on January 23, 2023, 11:40:51 AM
> Hi, I hope someone can help me :)
>
> 1. Does CWP have cPHulk like cPanel? It basically blocks all countries except for one configured country.
>
> 2. Also, How to prevent Bruteforce? I followed this tutorial:
> https://wiki.centos-webpanel.com/csf-lfd-brute-force-protection
>
> However, the IP address of the user that has been detected by CSF is not accurate. I think the IP is like changing every minute even without using VPN. Maybe because of the use of Cloudflare. Because if you register any domain, users can easily access the control panel without actually knowing the main hostname.
>
> For example, if the hostname you set when installing the CWP is hostname.com, and if you or your panel's users register https://testing.com in their control panel, they can easily add 2087 and 2083 ports to access the admin and user panel, e.g. https://testing.com:2083 - user panel, https://testing.com:2087 or https://testing.com:2031 - admin panel.
>
> Are there also any ways to prevent that?
>
> 3. How to change the control panel ports: 2083, 2087, 2030, 2031 to something different? Thanks :)
>
> I am new to CWP; I just migrated from cPanel yesterday. Thanks :)

Anyone watching this, CWP already has this configured out of the box AND it blocks WordPress login and xmlrpc attacks as well with no configuration required.
Title: Re: How to Prevent CWP BruteForce?
Post by: overseer on January 23, 2023, 06:42:59 PM
> 3. How to change the control panel ports: 2083, 2087, 2030, 2031 to something different? Thanks :)

I too am a cPanel migrant as of a few years back; now I am all-in on CWP (apart from 2 servers that are purpose-built and have Webmin for a web panel). You can definitely do away with port 2087, as that is just there to "ape" WHM's port choice. I would also suggest doing away with port 2030, as vanilla http connections should always be upgraded to https versions where possible. Simply eliminating 2087 and 2030 in the firewall rules will suffice to end some attacks. I run with just 2083 & 2031 active.
Title: Re: How to Prevent CWP BruteForce?
Post by: Starburst on January 25, 2023, 10:32:42 PM
CSF supports blocking & allowing country codes using CC_DENY = "" and CC_ALLOW = ""

e.g. to block Chinese country code IPs: CC_DENY = "CN"
Title: Re: How to Prevent CWP BruteForce?
Post by: overseer on January 26, 2023, 12:36:10 AM
Right, I do that too in CSF. I simply follow the guidance of looking up the top 10 hacking country sources and apply those as the CC_DENY list, minus any countries that may be clients or browser visitors on the server. I just wanted to avoid "naming names" here so as not to offend anyone on the forum who may happen to reside in those countries ;)
Title: Re: How to Prevent CWP BruteForce?
Post by: hill on July 07, 2023, 07:18:18 AM
I just block these: "CN,PK,NG,BD,IR,KZ,BY"
Title: Re: How to Prevent CWP BruteForce?
Post by: overseer on July 07, 2023, 09:11:02 PM
Just note that your clients will then be unable to directly communicate with AliBaba/AliExpress vendors. I am now getting bounce messages and stuck messages in my queues after blocking CN.
Title: Re: How to Change CWP port
Post by: overseer on July 07, 2023, 09:13:12 PM
> Port change is not recommended as it could break the functionality of the panel.

And this is no longer true, if it ever was. I run CWP in HTTPS only and only on an alternate port:
https://azdigi.com/blog/en/webserver-panel-en/centos-web-panel-en/how-to-change-the-port-on-centos-web-panel-cwp/
Title: Re: How to Prevent CWP BruteForce?
Post by: hill on July 09, 2023, 10:28:47 PM
> Just note that your clients will then be unable to directly communicate with AliBaba/AliExpress vendors. I am now getting bounce messages and stuck messages in my queues after blocking CN.

Wait, it should block visitors from these locations; communication will remain via other mediums.
Title: Re: How to Prevent CWP BruteForce?
Post by: overseer on July 10, 2023, 10:28:17 PM
It blocks their e-mails; they will get stuck in your mail queues.
Title: Re: How to Prevent CWP BruteForce?
Post by: hill on July 10, 2023, 10:33:10 PM
Ah OK, I see. I prefer my customers using G Suite for reliable email delivery.
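
Added example, not part of the thread and not CWP's or CSF's own code: a small shell audit for the two points discussed above, namely which panel ports (2030, 2031, 2083, 2087) are open in CSF's TCP_IN, and whether country blocking uses CC_DENY (all inbound ports, so mail is affected) or the port-scoped CC_DENY_PORTS setting. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit csf.conf for exposed CWP panel ports and country-block scope.

# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print which of the given ports TCP_IN opens, honouring CSF's low:high ranges.
open_ports() {  # usage: open_ports FILE PORT...
    op_list=$(conf_value "$1" TCP_IN | tr ',' ' '); shift
    op_out=""
    for op_port in "$@"; do
        for op_entry in $op_list; do
            op_lo=${op_entry%%:*}; op_hi=${op_entry##*:}
            if [ "$op_port" -ge "$op_lo" ] && [ "$op_port" -le "$op_hi" ]; then
                op_out="$op_out $op_port"; break
            fi
        done
    done
    echo "${op_out# }"
}

# "all-ports" if CC_DENY is set (every inbound service, SMTP included),
# "listed-ports" if only CC_DENY_PORTS is set, otherwise "none".
cc_scope() {  # usage: cc_scope FILE
    if [ -n "$(conf_value "$1" CC_DENY)" ]; then echo "all-ports"
    elif [ -n "$(conf_value "$1" CC_DENY_PORTS)" ]; then echo "listed-ports"
    else echo "none"; fi
}

# Constructed sample configuration, not taken from any real server.
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
TCP_IN = "20,21,22,25,53,80,443,2030:2031,2083,2087"
CC_DENY = "CN"
CC_DENY_PORTS = ""
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "panel ports open in TCP_IN: $(open_ports "$sample" 2030 2031 2083 2087)"
echo "country block scope: $(cc_scope "$sample")"
rm -f "$sample"
```

On a live server, point the functions at /etc/csf/csf.conf; the ports that CC_DENY_PORTS applies to are listed in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP.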