Performing IP Filtering Through cPanel – A Brief Tutorial
Posted on Tuesday, Sep 06, 2011 in "Control Panels"
Security is something that nearly every webmaster has the need for, but not every webmaster knows how to pursue effectively the appropriate security measures. Given the craftiness of the hacker world, it can seem to the novice an unwinnable fight where they just have to accept a certain amount of break-ins as a sort of collateral damage.
While it is good to understand that it’s impossible to make a lock that can’t be picked, this doesn’t mean that you should take frequent security breaches as the norm. With just a little bit of education and effort, the untrained webmaster can lock down their site to levels that it would take extreme efforts to break. This brief tutorial will focus specifically on how to use cPanel to filter the IP addresses that can access your web site, a step that, by itself, can keep a large percentage of attacks from even making it to your site.
IP Filtering – easy to do…
To filter an IP address or block of IP addresses from accessing your site using cPanel is simple. In the Security section near the bottom of your cPanel main page you will see an icon labeled “IP Deny Manager”. Click on it and you’ll be at a page where you can add new restrictions, see your current ones, and remove any existing ones. The page lists the appropriate formats (don’t bother with the CIDR format: it doesn’t do anything you can’t do any easier way).
Now, if you know how to block IP addresses, a more important question comes: what addresses to you block? If you are getting a wave of attacks from a single IP address, the choice of course is simple. But what do you do if they are coming from a number of IP addresses? The short answer is this: block a range if it feels right, but don’t go overboard.
Let’s say that you are getting attacks from 212.56.24.X, where X is variable, and nothing else from that class C (an IP address format is Class A.Class B.Class C.Class D). Then, blocking everything from 212.56.24 should be safe. But let’s say they are all from 212.56. You do some research and see that this is a university Class B and there are plenty of safe hits from those addresses. Of course, a college is going to have a few bored hackers. Taking down all of those addresses is overkill and will negatively impact your traffic.
Find the right middle ground
It’s rare that you are going to want to restrict anything more than a Class C. In general, you’re not going to want to restrict anything more than you have to. Use trial and error: block what you need to and, if the site continues to get hammered, modify and expand your rules. Then, once it feels like you might have scared them away, remove the blocks, keeping a close eye for 24-72 hours afterwards to make sure that they don’t start up again. Also, be sure to let your web host know if the attack is particularly vicious: they might want to filter the bad IP addresses on a network level.
IP Filtering by itself will not solve all of your security problems: no one method will. But it will ensure the bulk of the worst attacks will be filtered away from you so you can focus more on other things.
