I’m running ConfigServer Firewall with its associated LFD (Login Failure Daemon) on one of my servers.

LFD I believe does much the same job as cPHulk but advice I found online suggests that if resources aren’t hogged then enable both for a stronger setup.

cPHulk has (in the CPanel/WHM control panel) an option to run an external command when an IP is blocked.

Command to Run When an IP Address Triggers Brute Force Protection

Using the CSF command line code, and a call to one of the scripts I described in a previous post, I’ve got cPHulk to block IPs on the CSF Firewall and on CloudFlare automatically.

There’s no way to have cPHulk run two commands in sequence so I created a new shell script to run the commands, and called that from cPHulk.

Here’s the command I put in:

sh /my-script-path/my-cphulk-script.sh %remote_ip%

And here’s the contents of my-cphulk-script.sh: (permissions set to 700)

#!/bin/bash
ip=$(printf "%q" $1)
csf -d $ip cphulk 
sh /my-script-path/cloudflare_block.sh $ip cphulk

The two mentions of ‘cphulk’ in there are simply ‘notes’ to accompany the block.