How To Unblock an IP Address in APF

Advanced Policy Firewall, or APF, is a software firewall commonly installed on  servers. It is an interface to iptables, which is standard software for managing network ports on Linux. Interacting with iptables can be complex, but APF greatly simplifies the process. APF is only accessible via ssh, and there is no way to make changes in APF through WHM or cPanel.

 Pre-Flight Check

• These instructions are intended specifically for unblocking an IP Address in APF.

• I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

• For further details, see our in-depth look at the APF firewall.

Check APF for Your IP Address

Let’s say that you want to check whether or not a specific IP address, maybe 8.8.8.8 , is blocked by APF. That’s easy!

You may receive a result similar to:

/etc/apf/deny_hosts.rules:# added 8.8.8.8 on 04/25/14 13:42:01 with comment: {bfd.courier}
/etc/apf/deny_hosts.rules:8.8.8.8

The above means that BFD detected a brute force attack from the IP 8.8.8.8 on port 25, and automatically added a rule to APF to prevent future connections specifically from that IP address

Unblock an IP Address

If the IP address is denied in APF and you want to remove it, then use this command:

apf -u 8.8.8.8

If the command is successful, you should get a result similar to:

apf(12721): {trust} removed 8.8.8.8 from trust system

APF then needs to be restarted for the change to take effect:

apf -r

If you’d prefer a more advance firewall for APF, see our tutorial on how to install and configure CSF and its security plugin LFD (Login Failure Daemon).

Basic SSH

If you have an account on a cPanel server with shell access or your own VPS or Dedicated server running Linux then SSH is a powerful tool to have in your skill set.

SSH (aka Secure Shell) is a way of logging into your server from a remote computer such as your home desktop or laptop. The remote connection utilizes encryption on both the server’s end and your end to keep the entire session secure.

The most common type of connection that our support department uses is to SSH into a server as the root user. Logging in as root allows you to make systemwide changes, restart important services, and perform many other tasks that only the root user is allowed to do (by default).

If you are going to initiate your remote connection from a Linux or Mac OS X computer you can start using SSH by opening up the Terminal application. Linux users should know how to find the terminal, and Mac OS X users need only open their Applications folder and then the Utilities folder to find Terminal.app. Unfortunately SSH is not built-in to Windows, so you will need to download an application like PuTTY.

Show Scripts Sending email WHM

To trace php script sending email, first you will need root SSH access to server and enable log selector for exim which will help you to generate extra/well defined logs for exim.

To do this Access WHM as root. Access Service Configuration >> Exim Configuration Editor. Click on Advance Editor.

Under exim.conf section you will see #!!# cPanel Exim 4 Config
and you can add following code in the text box.

How Uninstall Attracta

You can run below script as root. It disables all traces of Attracta from the server.

/scripts/attracta/uninstall-attracta is a symlink to /usr/local/cpanel/3rdparty/attracta/scripts/uninstall-attracta in newer versions. In older versions, you'll need to use the /u/l/c location.

As there are a number of different components to the Attracta integration, it's definitely recommended to use the uninstall-attracta script to ensure everything is cleaned up fully.