cPanel Setup - Firewall

This tutorial is part of the series
cPanel Server Setup Guide

In this tutorial, which is part of our cPanel Setup series, we will give you a brief overview about setting up ConfigServer Firewall (CSF) onto your WHM powered VPS. This will protect your server from unwanted visitors and attempts at brute forcing onto the server.

A firewall to protect your server is a must, and this is probably one of the most commonly used ones, and even better, it is completely free to use.

Written By

Kenny Turner


Founder of southcoastweb, Passionate about PHP, MySQL, Laravel and Linux Servers.

Getting Started

We will be installing a free firewall plugin for WHM, to protect the server. You can read more about the firewall if you visit the ConfigServer website, and there are also a couple of plugins for WHM that are also very useful. To read more about the ConfigServer Security and Firewall please visit this page: https://configserver.com/configserver-security-and-firewall/

Installation

This is how to install the plugin in the simplest way on WHM server.

  1. Log onto your whm server as root access
  2. In the search bar at top of menu type : terminal
  3. Select the option from the sidebar to open the built in terminal
  4. To download and install CSF firewall please enter the following commands into the terminal:
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Starting the firewall

When you first go onto the firewall, which you will now find in plugins on your WHM side menu, the firewall will probably be in testing mode and you will be faced with a screen similar to below:

So the first task is to open the configuration file and enable the firewall. If you scroll down the page a little bit you will see a ‘configuration’ button. This will open a screen where you will see the first option is to enable the firewall.

Simply turn the testing to ‘Off’ to start the firewall. You will now need to scroll all the way to bottom and click ‘change’. It will now ask you to ‘restart csf’ which you click and it will take you back to the csf main page.

Developer Tip:
Remember where this is, as sometimes you may want to disable the firewall when testing certain things like SMTP sending and quickly disabling this whilst testing can resolve some time-consuming issues.

Allowlisting an IP Address / Range

So the next step is to protect yourself from a rookie mistake..

You will need to prevent yourself from getting blocked in the firewall.

On the main CSF page scroll down until you see this:This is the quick actions area of CSF.

Go to ‘quick allow’ section and you will see two boxes, one for an IP address, and one for a description.

Next to the IP address text field click the cog icon. This will then add your IP address into the text field.

Now type your name or a memorable description in the text field below.

Click the ‘Quick Allow’ button to make yourself whitelisted.

To allowlist a client or someone you know to be safe, do exactly the same process, except enter their IP address into the first text field.

If you cannot find their IP address, please instruct them to visit this link: https://www.whatsmyip.org/

This should show a IPV4 IP address in a format like: 95.182.65.22

Blocklisting an IP Address / Range

So now this is the fun part, this is where you can shut down a hacker’s attempt at doing anything untoward on your server. If you find that you are constantly getting bombarded with spam from the same IP address or simply because something looks off on your analytics you can easily deny them access to every site on the server.

Again, this can be done from the quick actions area on the main CSF screen.

Within the ‘Quick Deny’ area, which is similar to the ‘quick allow’ area. You add the IP address you wish to block, and a reference in the second field. Click the ‘Quick Deny’ button and thats all there is to it.

Unblocking an IP Address

If a client is having trouble accessing their website on your server, and receiving ‘server not found’ error. Firstly check the server is running and the site is reachable but from a different IP address / internet connection. Preferably one that has been previously whitelist.

This tends to prove very quickly the firewall has blocked their access.

Again this can be done from the quick actions area on the main CSF screen. With the ‘Quick Unblock’ area simply enter the clients IP address. Click the ‘Quick Unblock’ button and it will load a screen telling you if the IP address has been in the blacklist, and now is unblocked.

If your client does not know their IP address, tell them to head over to: https://www.whatsmyip.org/ and their IP address will be displayed on the screen.

Taking it further

For more information on setup and personal tweaks please vist the website, where you will find a simple guide. Just in case you missed the link earlier her it is again: https://configserver.com/configserver-security-and-firewall/

Uninstalling the Firewall

So it didn’t work out?

This is how to uninstall the plugin in the simplest way on WHM server.

  1. Log onto your whm server as root access
  2. In the search bar at top of menu type : terminal
  3. Select the option from the sidebar to open the built in terminal
  4. To Uninstall CSF firewall please enter the following commands into the terminal:
cd /etc/csf
sh uninstall.sh

More Tutorials

Here are some more tutorials that we think might be helpful for you. Feel free to contact us if there's anything you might need

cPanel Setup - File Explorer

Continuing with our cPanel Setup series, this tutorial will give you an overview about setting up ConfigServer Explorer (CSE) onto your WHM powered VPS. This is not an essential plugin, but definitely one that is very handy, and again it is completely free, so why not?

Automating your service and repository patterns in Laravel with command generators

"Why spend 20 seconds doing something when you can spent 4 hours automating it," goes the proverb. See any professional proverbists around any more? No, because they've all been automated. Also it's fun. Whatever your programming pattern in Laravel, chances are that the php artisan make:x command is going to leave you high and dry on occasion. That's why it can be useful to have your own commands available to cover those gaps. We're going to go with the example of the "Service" pattern below.

Passing through slots in Vue

If you're keeping your Vue component sizes small, there's a good chance you'll need to implement a wrapper component at some point. If you're only utilising the default slot for these, it can be as simple as putting a <slot /> tag inside your wrapper component. However, there's a bit more effort involved if you need to pass through named slots to your base component

How to Create a Simple Button Component in Figma

In this tutorial, we’ll create a simple button using Figma’s built-in component system.

Easier Laravel polymorphic relationships with MorphMap

Polymorphic relationships are a hugely powerful way to make connections between tables in a Laravel application. Say you have tables called companies, users, & admins and all three needed to store addresses, without polymorphic relationships, we'd either have to forego standard two-way relationships in an addresses table and just use the ID, or we'd have to have three separate addresses tables, or even have all of our address fields on each of our three tables. All carry the weight of redundancy, repetition and unnecessary complexity.

Copyright 2007 - 2023 southcoastweb is a brand of DSM Design.