CyberPanel Automated Blacklist IP using IPsum with CSF every 24 Hours

Securing your CyberPanel is absolutely essential these days it only takes one breach of your security firewall to take down an entire server. Keep in mind, to always keep your security scripts and software up to date. ZERO DAY EXPLOITS happen every day. IPsum and CSF automated blacklist IPs every 24 hours will help keep your server secure. Always be hypervigilant when it comes to server security.

What is IPsum?
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. The list is made of IP addresses together with a total number of (black)list occurrences (for each). The greater the number, the lesser the chance of false-positive detection and/or dropping in (inbound) monitored traffic. Also, the list is sorted from most (problematic) to least occurrent IP addresses.

How do I automate IPsum blacklist IPs with CSF through CyberPanel?
All you have to do is add these lines to your Ifd Blocklists. /etc/csf/csf.blocklists

# stamparm/ipsum
# Details: https://github.com/stamparm/ipsum#readme
STAMPARM|86400|0|https://github.com/stamparm/ipsum/blob/master/levels/3.txt

Log into your Cyberpanel > Click on ConfigServer Security & Firewall > Scroll down to Ifd Blacklist and click > and add the lines of code

How is easy is that?

IPsum Github

List of IPs 1 to 8

Now, you have industrial strength security that is updated every 24 hours.

I run my own AMD dedicated and virtual servers only for my exclusive clients at MENA WEB AGENCY.

Let me know if you have any questions or need some help.

Please share this post with others who might find it helpful.

1 Like

Thanks very much!

But just to clarify, we add those 3 lines to the lfd blacklist and can change the 3.txt to whichever number we want to correspond with the level of protection/sensitivity offered by each level?

That is correct.

What level do you recommend we use? I can’t find any sources on the percentage of false-positive depending on the levels.