Control Web Panel

Security => CSF Firewall => Topic started by: Thrivity on May 24, 2023, 03:45:43 PM

Title: I need Suggestion
Post by: Thrivity on May 24, 2023, 03:45:43 PM

Hello all today is very famous exploit to run on your website spammy links i have been using CWP for years and i am satisfied with the options that are offered in free and pro version. But my concern is security. Can someone suggest how we can avoid or active firewall with specific configuration to we prevent from this.
I have many sites hosted on CWP and it works like charm just i am afraid of exploits that run very fast this days
it shows spammy links on google.

MY site that i protect https://thrivity.com.mk (https://thrivity.com.mk)

Title: Re: I need Suggestion
Post by: josemnunez on May 25, 2023, 11:03:59 AM

Hello

You can enable mod_security, secure kernel and schedule some tasks for Maldet Scan, Rkhunter Scan, etc.

Title: Re: I need Suggestion
Post by: overseer on May 25, 2023, 02:14:25 PM

If you or your customers only do commerce within your own country, or know for sure you don't need access to some regions (eg southeast Asia), you can use CSF to block entire countries in /etc/csf/csf.conf:

Code: [Select]

CC_DENY = "CN,KP,VN"Do a search and see what are the top 10 hacking countries and include those in the block list.

Title: Re: I need Suggestion
Post by: hill on July 10, 2023, 12:13:04 AM

ive set mine to this, i get hits from many places around the world, these would have to be the top offending

CC_DENY = "CN,PK,NG,BD,IR,KZ,BY,MA,LT,DE"

Title: Re: I need Suggestion
Post by: overseer on July 10, 2023, 10:27:09 PM

Again, be careful of blanket blocks of CN -- Alibaba / Aliexpress vendors communicate directly from China. And Germany (DE) has a fair number of data centers that are critical infrastructure -- be careful of blocking bigger European countries for that reason (you could even cut yourself off from CWP ;)

Title: Re: I need Suggestion
Post by: hill on July 10, 2023, 10:34:19 PM

Quote from: overseer on July 10, 2023, 10:27:09 PM

Again, be careful of blanket blocks of CN -- Alibaba / Aliexpress vendors communicate directly from China. And Germany (DE) has a fair number of data centers that are critical infrastructure -- be careful of blocking bigger European countries for that reason (you could even cut yourself off from CWP ;)

customer visits alibaba, they either talk on wechat, directly on the website, or via email gmail or other

Title: Re: I need Suggestion
Post by: overseer on July 11, 2023, 12:36:39 AM

That's fine if all your customers are on board with those modes of communication. But obviously, not all of mine got the memo -- they are trying to interact directly with Alibaba sellers via their CWP-hosted e-mail, and thus I am seeing several stuck messages in my mail queues per day as a result. Apparently it's more of a thing than I realized. So I had to unblock CN on my firewall.