Hi, I have set whostmgrd allow to ONLY my IP and deny ALL, and yet I am still receiving daily brute force protection emails from several IPs. Correct me if I'm wrong, but Host Access Control apparently is not working. Can you please suggest a better solution to stop hackers from accessing WHM and cPanel? Here is my Host Access Control configuration:
This is essentially leaving the port open, and relying on tcpwrappers to stop attacks. You will get much better results if you just open the port only for your IP address, and DROP all other traffic destined for the respective port (e.g. 2082/2083/2086/2087).
Expanding on SeerKan's post: if you are the only one that's going to log in to the server to manage it at the root level, it is recommended that you don't put the respective ports in TCP_IN in /etc/csf/csf.conf, but rather just whitelist the management IPs that you'll be connecting from, and the ports will respond to IPs in the whitelist.
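A check for the setup described in the reply above, as an added example that is not part of the thread: it reads the TCP_IN line of a csf.conf-style file and reports which of the ports named above (2082/2083/2086/2087) are still open to every source, including ports hidden inside a range such as 2080:2085. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find cPanel/WHM ports left globally open in TCP_IN.
MGMT_PORTS="2082 2083 2086 2087"   # the ports named in the thread

# Print the entries of TCP_IN = "..." one per line (single ports or lo:hi ranges).
tcp_in_ports() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        tr ',' '\n' | tr -d ' '
}

# Print every management port that TCP_IN still opens to all source addresses.
exposed_mgmt_ports() {
    for entry in $(tcp_in_ports "$1"); do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:} ;;   # range entry
            *)   lo=$entry; hi=$entry ;;               # single port
        esac
        # Skip anything that is not purely numeric.
        case $lo$hi in ''|*[!0-9]*) continue ;; esac
        for p in $MGMT_PORTS; do
            if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then
                echo "$p"
            fi
        done
    done | sort -un
}

# Constructed sample: 2087 is listed directly, 2082 and 2083 sit inside a range.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# csf.conf excerpt (constructed for this example)
TCP_IN = "20,21,22,80,443,2080:2085,2087"
EOF
echo "Open to any source: $(exposed_mgmt_ports "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

An empty result means none of those ports is opened by TCP_IN, so only addresses in the CSF whitelist can reach them.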
Host Access Control does not work like that. It uses TCPWrappers, so only SSHD there would work. I won't go into the details of that. 1) Secure the server. 2) Use LFD/CSF and tweak/fine-tune for starters. 3) Use HID. 4) Use our whitelisting tool to only allow certain IPs into WHM on certain accounts. There are several other ways as well.