I added a spam whitelist rule to the file on my WHM/cPanel server: File: New rule in place: I added this because a lot of mail from ‘a-special-domain-name.co.uk’ was being tagged as spam and disappearing. But in a daily cron task, cPanel went ahead and removed the rule automatically and emailed me about it: How annoying! It turns out that …
CloudFlare Free Full SSL; Not As Secure As You Think?
CloudFlare offer the option to provide SSL for your website without the hassle or expense of obtaining an SSL certificate. It really is quite a hassle and it’s definitely expensive (relatively) so this is brilliant, especially as Google do rate an SSL site higher than a non-SSL one. All you have to do is put your site behind CloudFlare and …
Adding CPanel/WHM cPHulk IP Blocks to CSF & CloudFlare
I’m running ConfigServer Firewall with its associated LFD (Login Failure Daemon) on one of my servers. LFD I believe does much the same job as cPHulk but advice I found online suggests that if resources aren’t hogged then enable both for a stronger setup. cPHulk has (in the CPanel/WHM control panel) an option to run an external command when an …
Getting a cPanel/WHM Server to Email Pending YUM Updates
I used to try to remember every day to log in to my server and check if there were any manual updates needed (these can be kernel updates etc etc) by running this command: This outputs the list of mirrors and then a list of any packages with updates available for them. Problem is it’s a bit of a pain …
Automatically Expiring CloudFlare IP Blocks by Age
In my last post I talked about how to automatically add IP blocks to CloudFlare from your own server. I also talked about the problem that could lead to, which is potentially 1000s of IP blocks mounting up over time (leading to firewall performance issues, and hitting your CloudFlare IP block limit). I mulled over the best solution to this …
Automatically Adding ConfigServer Firewall (CSF) Firewall Blocks to CloudFlare
Unfortunately, having mod_cloudflare installed on one’s server does not mean that the server’s front-end firewall (ConfigServer Firewall in one instance for me) sees the correct remote IP address for requests routed via CloudFlare. It appears mod_cloudflare (which is after all an Apache ‘mod’) works great for applications querying the REMOTE_ADDR server value from within Apache, but in many cases the …
Automatically Adding IP Addresses to ConfigServer Firewall
A website I manage has recently been targeted with a DDoS (Distributed Denial Of Service Attack). The PHP code on the site was already logging access (as is normal) but I wanted a simple way to respond to excessive access from any particular IP other than using a coded denial of response in the website’s code because while this does …
Block Distributed SMTP Auth Attacks, But Allow Google to Send SMTP via Server
There’s a handy way to knock all distributed SMTP AUTH attacks on the head by switching off the advertising of SMTP AUTH to all but specified IP addresses and IP address ranges. It works perfectly. For details on how to achieve this on a WHM/cPanel server, see here: http://sysadmintips.in/advanced/csf/exim Great! However there’s a problem. Many many people like to use …
CloudFlare & WHM/cPanel Apache Server Firewall Conflict
CloudFlare adds another level of security and resilience in front of our dedicated server. It’s an excellent idea and for basic use, it’s completely free. Fab. However, there’s a problem. Because all server traffic which is routed via CloudFlare effectively comes from CloudFlare, and because it’s imperative CloudFlare’s IP address ranges are never blocked (because one bad apple would spoil …
CSS Only Method To Change IMG URL At Different @media screen Sizes
I’ve been trying to keep Google PageSpeed Insights happy with my new websites at all possible screen resolutions, whilst simultaneously trying to make the sites look good on all devices, while at the same time relying on as little javascript or server-side processing as possible. One problem I’ve had is that although it’s relatively easy to switch in a different …