Automated IP Unblocking With CSF On cPanel Server

Discussion in 'cPanel Guides' started by Chuck, Nov 16, 2017.

  1. Chuck

    Chuck Administrator
    Staff Member Grep What?

    May 17, 2017
    Likes Received:
    If you have a cPanel server with client sites on it and you are using CSF there is a pretty good chance your clients will get themselves banned by the system for a variety of reasons. CSF (Config Server Firewall) has a built in feature called Messenger that allows you to allow your clients to unban their own IPs.

    Setting It Up

    First thing is we need to create a user with no login or shell access that also has a directory in /home. We will call this user "csf".

    useradd csf -s /bin/false
    Head over to:

    When creating your ReCaptcha make sure to uncheck the "Domain Validation" option, unless of course you want to add every domain on your server :) Record your site key and secret.

    nano /etc/csf/csf.conf
    Find the following and change them to match what is posted here:

    MESSENGER = "1"
    MESSENGERV2 = "1"
    RECAPTCHA_SITEKEY = "add me"
    RECAPTCHA_SECRET = "add me"
    Exit and restart LFD:
    service lfd status
    Now do something you usually don't want to do, ban your IP:
    Note: Make sure you can access the server from another IP or you could find yourself locked out!
    csf -d
    Navigate to a website on the server or try to access a control panel. You should be greeted with the CSF page, and an option to unblock with ReCaptcha. If not you will need to move a file and restart lfd.

     cp /etc/csf/messenger/index.recaptcha.php
    mv /home/csf/public_html/index.php /home/csf/public_html/index_bak.php
    mv /home/csf/public_html/index.recaptcha.php /home/csf/public_html/index.php
    chown csf:nobody /home/csf/public_html/index.php
    Restart lfd:
    service lfd restart
    I recommend reading through the "Messenger" section in the CSF readme.txt as well which is located at /etc/csf

Share This Page