Automatic CSF IP Remover!

Hello
One of the major problem webhosts facing is the IP Block. Clients IP may accidentally get blocked due to several reasons such as Invalid cPanel Login attempt, or port scanning or some other reason. The villain (or hero ? ) is the firewall software that we use, in my case, ConfigServer Firewall ( CSF )

I can’t think disabling it because it is useful on most of the occasions. It alerts me about spamming/mass mailing etc etc etc.
So when the client’s IP get blocked, they may think that the whole server is DOWN ! And yes, this will create a bad opinion about the host and their service, although this is not their fault.

As a webhost, I receive so many tickets to remove the IP from the deny list which was blocked due to wrong cpanel or ftp login attempt. Luckly I’ve found a solution to this problem without disabling CSF completely.

What I am trying to do ?

I won’t want my clients IP get blocked and they think that our server is down. But I do want to block some hackers IP addresses using CSF.

Below posted a code snippt that I wrote to perform this task. If you set up this script to execute in every minute, it will clear the IPs denied by CSF. However, it won’t remove the IPs that are added by you manually. !

[php]
<?php
$file = file_get_contents("/etc/csf/csf.deny");
$lines = explode("\n",$file);
foreach($lines as $line)
{
$explode = explode("#",$line);
if(substr(trim($explode[1]),0,4) == "lfd:")
{
exec("/usr/sbin/csf -dr $explode[0]");
}
}
?>
[/php]

Installation.

Installation is quite simple. Assuming that you are doing to install it in /root location,

1. Login to server as root
2. type ‘nano remove_ip.php’ without quotes
3. This will open the nano editor. Copy and paste the above codes
4. Save by pressing F3+Enter and quit by pressing CTRL+X
5. Type “crontab -e” without quotes
6. This will open the crontab editor.
7. Add the below line at the end of the file

* * * * * /usr/local/cpanel/3rdparty/bin/php /root/remove_ip.php

Save it and exit. You are done. !

Let me know if you have any questions. 🙂

Vivek

2 thoughts on “Automatic CSF IP Remover!

  1. hey your code has a bit loop hole in it…..

    it works great first of all 🙂

    this bit of code

    $lines = explode(“n”,$file);

    should actually read as:

    $lines = explode(“\n”,$file);

    Use PHP’s explode() function and pass the newline \n character as a delimiter The “default” approach.

Leave a Reply

Your email address will not be published. Required fields are marked *