How to Install CSF Firewall via WHM/cPanel ?

  • Log in to the WHM.
  • Select the Server Configuration option.
  • Click on Terminal to open the WHM terminal window.
  • Copy/enter this code in the Terminal window.
cd /usr/local/src/
tar -xzf csf.tgz
cd csf
  • WHM will run the command and automatically download the compatible version of CSF for cPanel.
  • Press Enter to run the installation.
  • Display a success message for the completed installation.

Once you install the CSF application, you will have to configure it.

  • Go back to the Home of your WHM dashboard and select the Plugins option from the navigation menu.
  • you will see the option ConfigServer Security & Firewall. Click on it.

  • Click on the csf tab.
  • Scroll down a little to the csf – ConfigServer Firewall section and click on the Firewall Configuration button.

  • You will find all the options for the firewall configurations. We will see a quick rundown on the important settings to get you started.

1. Settings for Port Filtering Configuration – IPv4 Port

  • TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,26”
  • TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703”
  • UDP_IN 20,21,53
  • UDP_OUT 20,21,53,113,123,873,6277

  • Once you have changed your SSH port number, add this new port on the IPv4 Port Settings and/or IPv6 Port Settings. You can also add a specific port for a newly installed application on the server from this section.
  • We recommend the users who deploy the R1soft/Idera external backup solution to allow the inbound traffic for TCP port 1167 in the port TCP_IN section.

2. Activate the Syslog Monitoring

  • Scroll down to the General Settings section and set the SYSLOG_CHECK  to 1800.

3. Activate the Detection of Suspicious Processes

  • Scroll down to the Process Tracking section.
  • Set “PT_ALL_USERS” to “ON
  • Set “PT_DELETED” to “ON

4. Activate Spam Protection and Detection of Suspicious Emails

  • With CSF, you can secure your server from spams and bulk email activity.
  • Scroll down to the SMTP Settings section.
  • Switch the SMTP_BLOCK to On.

  • Scroll down to the Login Failure Blocking and Alerts section.
  • Locate the LF_SCRIPT_LIMIT and set it to 250. It will detect the scripts sending more than 250 emails in an hour.
  • Switch the LF_SCRIPT_ALERT to On. It will alert the system administrator via email when the LF_SCRIPT_LIMIT is breached.

5. Save the Changes and Confirm the Status

  • Scroll down to the end of the page and click the Change button.

  • save the configurations you made to the firewall application.
  • Click the Restart csf+isd button. It will restart the csf and isd and apply your firewall configurations.
  • Click the Return button to go back.

   Disable Testing

  • Currently, your CSF application is running in the Test Mode. You have to deactivate the mode.
  • Reaccess the csf – ConfigServer Firewall section and click the Firewall Configuration button.
  • Locate the TESTING option in the Initial Settings section.
  • Click on the Off switch.
  • Again, you have to repeat the process to save the configurations. Click the Change button, and then the Restart csf+isd button.
  • successfully installed and activated the CSF Firewall on your cPanel account.

Was this article helpful?

Related Articles