The CSF installation includes control panel user interface available via WHM and login failure daemon process (lfd) that runs periodically to scan the latest log file entries for login attempts  that continually fail within a short period of time. Such attempts are often called “Brute-force attacks” and the daemon process responds very quickly to such patterns and blocks offending IPs quickly.

So, login to your server via ssh and let’s start CSF installation by retrieving the package files using wget command:

wget http://configserver.com/free/csf.tgz

Unpack the archive:

tar xfz csf.tgz

Navigate to the uncomperssed csf directory:

cd csf

Run the installer:

sh install.sh

Now CSF is installed and on Test Mode. You can simply manage it via cPanel WHM interface WHM > Config Security & Firewall:

Let’s disable testing mode by editing main CSF configuration file, go on Firewall Configuration and change TESTING = “1” to TESTING = “0”

In case you need to allow/block IP address using SSH, the options are pretty simple.

To add your IP address to a permanent allow list:

csf -a 136.1.1.105

To block the IP:

csf -d 136.1.1.105