topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 3:46 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Which Of These Security Methods Should I Try ? Mod Security Or GeoIP Apache Way  (Read 4028 times)

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 33
    • View Profile
    • Donate to Member
Technical Gurus,

I need your brilliant experienced opinion.
You see, it's practically impossible to make my website abide by the new EU GDPR without annoying my websites visitors. Hence, have decided to block all EU visitors altogether. I asked my webhost regarding this issue and they pointed me to these links:

Mod Security:
https://forums.cpane...in-countries.574681/

GeoIP:
https://grepitout.co...cpanel-easyapache-4/ and https://www.tecmint....or-apache-in-centos/

They suggested I take the "GeoIP apache module way".
Now, I'm not too technical. New in all this. I tried installing both the Mod Security and the GeoIP Apache Module but failed (even after following the steps in the articles) as I don't have much experience with Unix/Linux. Therefore, searched for someone to take care of it. Told him to install both Mod Security and GeoIP Apache Module but to do it without touching the .htaccess because the following article says it will go to thousands of lines of code if I do it using .htaccess.
https://www.sitepoin...m-accessing-website/

The technician had a look at the links I gave and said he will install the GeoIP module but not by following the steps mentioned in the following article and he has to do it using .htaccess.
https://www.tecmint....or-apache-in-centos/
Says there would only be 28 lines of code to block 28 EU countries.
Also says, if he follows the steps mentioned on the above link (tecmint article) then things will get messed-up. His exact words are:

"You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess.".

He says he will do it following the steps mentioned here:
https://www.paunovic...a-cpanel-whm-serveru
He says that is the proper way to do it on cPanel Server.
I asked my webhost about this and they have gone silent. Hence, approaching you folks for your expert opinions.
I have Vps with Root Access: SSH, Panel. I got CentOS OS, Whm and cPanel ($15 version).
I got my webhost to build 8 cPanel accounts for my 8 domains. 1 cPanel account per domain. I think they built them via Whm. (Still learning about Whm).
I told the technician, I want him to set things up on my Whm so any domains &  cPanel accounts I add in the future (1 new cPanel account for 1 new domain) to my Vps should also block EU visitors. He said aslong as I have Root Access he will set things up following the steps in that article:
https://www.paunovic...a-cpanel-whm-serveru

You have now heard about my hardwares & softwares and what I need done. Block all EU visitors from my current 8 websites and from all future websites/domains hosted on this Vps. My questions are:

Q1. Must the GeoIP and the Mod Security be installed on my Whm for them to work on all my current and future websites/domains/cPanels hosted on this vps under this Whm ?

Q2. Which option is best for me ? Mod Security or GeoIP ? If I install both then that would not be a problem. Am I right ?

Q3. Is the technician correct when he says "You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess."
He says the steps in following article is bad:
https://www.tecmint....for-apache-in-centos
Is he correct ?
He further says: "I'll compile GeoIP module and GeoIP database on your server Apache and then you can easily block countries, and do not have to block IPs.". Is it better to do it this way over the techmint article way ?
Should I opt for his method instead (do things the .htaccess way) and
should I ignore the warning on the Site Point Forum article to not to things the .htaccess way ?

I am puzzled, confused and need your expert opinions and advice as I know you won't be giving biased advices.

Thank you for your interest in helping me out.

Whatever method you recommend, make sure it will be easy for me to easily add more countries in the banning list without needing to fiddle with messy code.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Well, sounds like you use a share plan with your hoster (multiple paying users on one actual server). This is a common setup and for most intents and purposes also ok. Only when having lots of traffic you should consider a dedicated plan. Costs of those are much higher.

Anyway, the webserver software on your server is also shared. That limits the configuration options available to you. Your tech correctly points this out.

The articles you were reading assume you have complete control over every aspect of your webserver. Which is not true in your case, so the plan of your tech sounds reasonable to me.

You shouldn't play with the .htaccess file, unless you know what you are doing. While working with the Apache web server isn't that difficult, I would not call it easy. You need a good understanding of all the terminology and the concepts to make it work properly. A mistake is easily made and results in a mess and/or insecure website.

Your tech is also right about not blocking on IP address level, but on country codes. IP v4 addresses are running out on most continents. In the beginning it was pretty easy to block content from certain regions as you could make educated guesses about which block of IP addresses were assigned to which continent. The companies that handle the distribution of IP addresses have been swapping IP blocks amongst themselves as the need arose. Nowadays it is not that easy anymore to use IP addresses to block users from specific countries anymore.

So, the suggestion about using the country code to check against a country database for granting access sounds reasonable again.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
You see, it's practically impossible to make my website abide by the new EU GDPR without annoying my websites visitors.
-The Code Queryer (April 19, 2019, 10:37 AM)

That's the only practical outcome I've seen from GDPR.

Hence, have decided to block all EU visitors altogether.
-The Code Queryer (April 19, 2019, 10:37 AM)

And that's the only logical choice for "small fry" to make. (And even some of the bigger companies have made that choice as well!) Aside from ignoring GDPR altogether and hoping you're too small to be noticed by the regulators.

The Code Queryer

  • Participant
  • Joined in 2019
  • *
  • default avatar
  • Posts: 33
    • View Profile
    • Donate to Member
Well, sounds like you use a share plan with your hoster (multiple paying users on one actual server). This is a common setup and for most intents and purposes also ok. Only when having lots of traffic you should consider a dedicated plan. Costs of those are much higher.

Anyway, the webserver software on your server is also shared. That limits the configuration options available to you. Your tech correctly points this out.

The articles you were reading assume you have complete control over every aspect of your webserver. Which is not true in your case, so the plan of your tech sounds reasonable to me.

You shouldn't play with the .htaccess file, unless you know what you are doing. While working with the Apache web server isn't that difficult, I would not call it easy. You need a good understanding of all the terminology and the concepts to make it work properly. A mistake is easily made and results in a mess and/or insecure website.

Your tech is also right about not blocking on IP address level, but on country codes. IP v4 addresses are running out on most continents. In the beginning it was pretty easy to block content from certain regions as you could make educated guesses about which block of IP addresses were assigned to which continent. The companies that handle the distribution of IP addresses have been swapping IP blocks amongst themselves as the need arose. Nowadays it is not that easy anymore to use IP addresses to block users from specific countries anymore.

So, the suggestion about using the country code to check against a country database for granting access sounds reasonable again.

Thanks Shade!

Then I guess the technician was telling the truth when he said to trust him and he knows what he's talking about and had 2 hosting companies in the past.
Now the problem is, I just got an email from fiverr.com tht they have shut down my free account (buyer account)! Would have been better if they had shut it down after I buy the $10 gig! Fiverr say I opened 2 accounts. Well, I did open a business account about 2.5yrs back and saw I was not getting any sales and then forgot about the account. And opened a buyers account few days ago. That first account should have been shut down by now for not logging in all this time. I believe if I open another account using another email then I'd get caught again. I did open the 2 accs with 2 different emails but they still sniffed me out. Do you have an idea how they did that apart from saying cookie tracking because I do delete my cookies every now and then. Mac address, I believe.
Now got to hunt for fiverr.com alternatives and hope I'll find another technician for around $10 Or better $5. :)

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
There are already many suggestions regarding hosters and their costs/plans here at DC. So have fun looking.

It is not an option to close one account at fiverr.com and just continue with one? Being courteous with their support/helpdesk could help. It is possible that fiverr.com detected your different login attempts, because you made them from the same IP address or cookies. I have no clue about rules and regulations fiverr.com imposes and don't care too much either.

What are you planning that would require 8 domains to begin with? As you are a beginner, would it not have been smarter to start with one domain and build up your experience from there?

I got several domains here in Paraguay and several ones at a Dutch ISP. That costs me about 150 USD per year (having a static IP address isn't free either). The Dutch ISP gives me hosting and domains. For each domain unlimited subdomains, 5 MySQL databases, 20GByte of traffic each month, a web panel (not cPanel!) and unlimited mail addresses. Support for PHP 5.6 and 7 is there too and there are options in the web panel that make the installation of WordPress, Joomla! and Magento super easy. That is the service they deliver in their cheapest plan.

Spending extra cash to get the excellent uptime & service level from the Dutch ISP saves me a lot of headache and I'll find that worth every penny.

Having this setup for more than 10 years already. For the Dutch domains, yearly maintenance (on my end) is about an hour or 2. The Paraguayan domains require a lot more, but there I am running my own web server, mail server, WebDAV etc. Especially the last years mail is becoming a pain in the behind. You have no idea how many organizations there are, which patrol the internet for spammers. A good reputation score on each of those for a privately maintained mail server is much harder to maintain than you would think.

Anyway, enough nagging from my side.