Search

HostGator Web Hosting Help

VPS and Dedicated Hosting: ConfigServer Security and Firewall

CSF is a firewall for VPS and Dedicated servers. CSF is not installed as part of our default images on VPS or Dedicated servers; however, it is quite a popular add-on, as it greatly simplifies tasks such as opening or closing ports. Rather than having to figure out iptables command syntax, CSF offers a GUI-based approach, integrated with WHM.

Customers can either install it themselves or request to have support install it. We may also suggest its installation. While we do not provide detailed support for the application, it is one you are likely to encounter while supporting servers, so some familiarity with its operation is recommended.

Installation

We can install CSF on request. This is done as root through the command line. The commands to do so are given below for your convenience, but you should always check the manufacturer’s site for the current version. These can be found here.

cd /usr/local/src/

wget https://download.configserver.com/csf.tgz

tar -xzf csf.tgz

cd csf

sh install.sh
 

You will see Installation Completed.

cd ..

rm -Rfv csf/ csf.tgz

Setup

This will install the application and create the plugin for WHM, but it will initially be set in “Testing” mode. This can be disabled by logging into WHM, going to the Plugins » ConfigServer Security & Firewall section, clicking on the csf tab, and then in the csf -- ConfigServer Firewall, clicking on the Firewall Configuration button. Testing appears at the top, as in the screenshot below, and can be set to OFF.

ConfigServer Security and Firewall
By default, the RESTRICT_SYSLOG option is disabled, which will give a warning in the CSF control panel. This should be changed, as shown below with “3” being the recommended setting.
ConfigServer Restrict Syslog
After making the updates, you need to scroll down to the bottom, press the ‘Change’ button, and you will be prompted to “Restart csf+lfd”, completing the process of enabling CSF.

After installation and activation, it is strongly recommended to disable cPHulk, as its operation can potentially conflict with CSF. This is done in WHM > Security Center » cPHulk Brute Force Protection.

Configuration

By default, the initial configuration will open up a standard set of ports, as used by cPanel and associated services. If the customer has made any changes, for example, changing SSH/SFTP to run on a port other than 22, CSF’s configuration should be updated to take account of these. Support IP addresses can also be whitelisted, to help avoid potential future issues.

CSF configuration can be done in two ways, through the WHM GUI or on the command line.

Through the GUI

As mentioned above, most configuration is done through WHM > Plugins » ConfigServer Security & Firewall > csf tab > csf -- ConfigServer Firewall section > Firewall Configuration.

This offers detailed information for each section about its purpose and potential settings. The most commonly accessed section is the one which sets the open or closed ports:
ConfigServer Security and Firewall

You can add, delete or change ports, in- or out-bound, by editing the list, separating each with a comma. A range of ports to be opened can be specified by separating them with a colon, e.g. 49152:65534.
After making changes, update the configuration file using the ‘Change’ button and restart csf/lfd, as discussed above.
However, IP addresses can be blocked, unblocked or whitelisted “on the fly”, directly from the csf tab, as below. You can also search for an IP address and see if it has been blocked by CSF.
ConfigServer Quick Actions and Firewall

A little further down, you can find ‘Firewall Enable’ and ‘Firewall Disable’ options, which allow you to turn on and off CSF monitoring.

Using the Command Line

The configuration files for CSF live in /etc/csf, and can be edited manually, using your tool of choice. The main ones to know are:

  • csf.conf -- the main configuration file
  • cff.allow -- a list of IPs that should always be allowed through the firewall
  • csf.deny -- a list of IPs that should never be allowed through the firewall
  • csf.ignore -- a list of IPs that lfd should ignore and not block if detected

Note: after making changes to these by direct editing of the configuration files, it is typically necessary to reload CSF, so that the new settings get picked up. This can be done by running the following command as root:

csf -r

Useful Commands

Many functions of CSF can be carried out from the command line, saving you the need to log in to WHM. Here are some of the most common ones.

  • csf -e -- Enable CSF
  • csf -x -- Disable CSF. This is especially useful as it can be run through the HAL command line, and can help us get on to the server if support IPs have been blocked by CSF.
  • csf -s -- Start the firewall rules
  • csf -f -- Flush/Stop firewall rules
  • csf -r -- Restart or reload the firewall rules
  • csf -a 12.34.56.78 [Optional comment] -- Allow IP 12.34.56.78 and add to /etc/csf/csf.allow
  • csf -td 12.34.56.78 [Optional comment] -- Place IP 12.34.56.78 on the temporary deny list
  • csf -tr 12.34.56.78 -- Remove IP 12.34.56.78 from the temporary IP ban csf -tf -- Flush all IPs from the temporary IP entries
  • csf -d 12.34.56.78 [Optional comment] -- Deny IP 12.34.56.78 and add to /etc/csf/csf.deny
  • csf -dr 12.34.56.78 -- Unblock IP 12.34.56.78 and remove from /etc/csf/csf.deny
  • csf -df -- Remove and unblock all entries in /etc/csf/csf.deny
  • csf -g 12.34.56.78 -- Search the iptables rules for a match (e.g. IP, CIDR, Port Number)
  • csf -t -- Displays the current list of temporary allow and deny IP entries with their TTL and comments

Common Questions

What is the difference between “allow” and “ignore”?

Allowing an IP will mean it should always be let through the firewall. Ignoring an IP means it won’t get blocked if it is detected, for example, if there are multiple failed login attempts from it. Both allowing and ignoring an IP you want to permit is the safest bet.

Can IP ranges be blocked?

Yes. This can be done through the GUI or command line, but in both cases, the range needs to be specified in CIDR format. For example, to block the range from 14.215.176.0 through to 14.215.176.255, you must input it into the system as 14.215.176.0/24.



Was this resource helpful?
Helpful Unhelpful


Did this resolve your issue?
Solved Unsolved


Please add any other comments or suggestions about this content:





Recommended Help Content

VPS and Dedicated Hosting: Third Party Applications
VPS and Dedicated servers come with all applications necessary to run a standard web and email server. The applications that come with the VPS and Dedicated servers are generally supported as-is by our support technicians.
Knowledgebase Article 87,216 views tags: application configserver csf dedicated django elastisearch ffmpeg java js litespeed mongodb nginx node private python server tomcat virtual vps

VPS and Dedicated Hosting: Enabling FTP on New Servers
This article will explain how-to enable FTP on a newly provisioned VPS or Dedicated cPanel server. Since FTP is an unsecured connection point to the server, cPanel has it disabled by default in version 11.86 or prior.
Knowledgebase Article 44,942 views tags: dedicated file ftp root server transfer vps

CentOS 7 and cPanel Upgrades
VPS and Dedicated customers with servers running the CentOS 6 operating system will not be able to upgrade cPanel past version 86. The cPanel team will still support CentOS 6 with cPanel 86 until March 31st, 2021.
Knowledgebase Article 114,517 views tags: centos cpanel dedicated hosting private server upgrade virtual vps

Related Help Content

VPS and Dedicated Hosting: Restore or Transfer cPanel
If you need to transfer or restore a cPanel account for your VPS or Dedicated server, there is a tool within the WHM panel to perform these tasks. This article is about transferring or restoring from another server or restoring after a re-image.
Knowledgebase Article 87,537 views tags: backup cpanel dedicated hosting restore server transfer vps

SiteLock Support
This article will explain how and when to contact SiteLock for support.
Knowledgebase Article 143,086 views tags: security sitelock support

Basic Site Security Checklist
What can I do to increase my Site Security while hosting with HostGator?
Knowledgebase Article 420,371 views tags: antivirus basic hacked keyloggers malware php security site

Account Validation
When you call in for help with your account, the account must be validated before our support staff can assist.
Knowledgebase Article 132,910 views tags: account security support validate validation

Securing a Dedicated or VPS Server
This article discusses some measures you can take to secure a Dedicated or VPS server
Knowledgebase Article 101,372 views tags: dedi security vps

VPS or Dedicated - Installing and using RoR with Passenger
This article will explain how to use RoR through passenger on a hosting account
Knowledgebase Article 176,398 views tags: dedicated passenger redmine ruby vps

Install WordPress using Marketplace
We provide a program which makes it very easy to install third party scripts to your hosting account. If you want your website to have a WordPress blog, you can use MOJO Marketplace to install WordPress.
Getting Started Article 1,126,575 views tags: blog install scripts simple wordpress

How to Contact Support
Please have your account name, domain name, and primary email address handy when contacting support so we can assist you quickly. Need help? This article will explain how to prepare for and contact support.
Knowledgebase Article 181,923 views tags: Contact chat customer phone service support tech technical token troubleshoot user username verification