Tag Archive for: prevent unwanted bot attacks

How to Install the MaxMind GeoIP Module for LiteSpeed

Previously I wrote a document on how to install the MaxMind module for the Apache web server.

I also wrote about how to block requests from whichever countries you want.

Four years later, I think you might need this for LiteSpeed, because lots of hosting companies use it.

First of all, before installing, you need the same thing: the MaxMind country IP database (you must first log in at https://www.maxmind.com).


First, create a folder named GeoIP under /usr/local/share/

Download the gzip or tarball and extract it to /usr/local/share/GeoIP/GeoLite2-Country.mmdb (a sample name). We will use this path in the LiteSpeed admin console.

After logging in to your LiteSpeed admin console, go to Configuration -> Server.

In the General tab you will see the GeoIP lookup setting. Enable it.

Then find the MaxMind settings section.

You see this is already configured. Yours will be empty. Ignore that. You need to add some details like below:

The file path must be correct. The DB name is really important, and the variable section is a mandatory field; it is better to set it as is. Save, then restart the LiteSpeed server.

After that, verify that it is installed correctly: you must see the GeoIP variable on the phpinfo page. Upload a PHP file that calls phpinfo and load it in your browser. Delete the file once you have checked, because phpinfo output exposes server configuration details.

If you see that server variable, you can create rules to deny some requests:

Assuming you use CentOS or CloudLinux, go to /etc/httpd/conf.d and create a file named maxmind.conf (the name is up to you, but it must end with .conf).


# Turn on GeoIP lookups
<IfModule LiteSpeed>
GeoIPEnable On
</IfModule>

<IfModule mod_geoip.c>

# Login and XML-RPC files, wherever they are located
<FilesMatch "wp-login.php|xmlrpc.php">
SetEnvIf GEOIP_COUNTRY_CODE ^(US) AllowCountry
######Deny from env=BlockCountry
Allow from env=AllowCountry
Deny from All
</FilesMatch>

# Site root
<LocationMatch "^/">
SetEnvIf GEOIP_COUNTRY_CODE ^(US) AllowCountry
######Deny from env=BlockCountry
Allow from env=AllowCountry
Deny from All
</LocationMatch>

# /admin
<LocationMatch "^/admin">
SetEnvIf GEOIP_COUNTRY_CODE ^(US) AllowCountry
######Deny from env=BlockCountry
Allow from env=AllowCountry
Deny from All
</LocationMatch>

# /wp-admin
<LocationMatch "^/wp-admin">
SetEnvIf GEOIP_COUNTRY_CODE ^(US) AllowCountry
######Deny from env=BlockCountry
Allow from env=AllowCountry
Deny from All
</LocationMatch>

</IfModule>



1. The first section enables the GeoIP lookup.

2. The FilesMatch directive matches requests for a specific file name regardless of where it is, so it can be under / or /abc.

3. LocationMatch is generally a folder.

So, according to these directives, access from outside the US to your site root /, /admin and /wp-admin will be blocked, as well as wp-login.php and xmlrpc.php. Note that the pattern ^/ matches every URL path, so that block on its own already denies the whole site to visitors outside the US.

You can allow multiple countries by adding their ISO codes with this syntax (I guess)


After you finish your configuration file, save it and restart LiteSpeed.

To verify, the Opera browser or open proxies will help you.

CloudLinux Setting Global PHP Directives

When you want to apply one or more PHP directives such as disable_functions, date.timezone or something else to all your customers' websites, write them to the /etc/cl.selector/global_php.ini file. After you write your directives, enter these commands to apply them:

selectorctl --apply-global-php-ini

/usr/sbin/cagefsctl --setup-cl-selector

You can see the example below.

; This file provides global settings for php.ini of all alt-php packages
; The structure of this file:
; option = value
; To confirm changes (not affecting "date.timezone" and "error_log" options) please run:
; /usr/sbin/cagefsctl --setup-cl-selector
; To confirm changes (including "date.timezone" and "error_log" options) please run:
; /usr/bin/selectorctl --apply-global-php-ini
; or
; /usr/sbin/cagefsctl --apply-global-php-ini
; If you don't want to change error_log, but want to change date.timezone, you can execute
; selectorctl --apply-global-php-ini date.timezone
; Similarly, command
; selectorctl --apply-global-php-ini error_log
; applies error_log and all other options specified in /etc/cl.selector/global_php.ini file, except date.timezone.
; So, you can specify 0, 1 or 2 parameters from the list: error_log, date.timezone
; using --apply-global-php-ini without arguments applies all global php options including two above
; Example:
; selectorctl --apply-global-php-ini error_log
; selectorctl --apply-global-php-ini date.timezone
; selectorctl --apply-global-php-ini date.timezone error_log
; The latter command has the same effect as /usr/bin/selectorctl --apply-global-php-ini
; Note: eval is a language construct and allow_url_fopen is an ini directive,
; so listing them in disable_functions has no effect.
[Global PHP Settings]
disable_functions = mail,system, dl, array_compare, array_user_key_compare, passthru, cat, exec, popen, proc_close, proc_get_status, proc_nice, proc_open,escapeshellcmd,escapeshellarg, show_source,posix_mkfifo, ini_restore, mysql_list_dbs, get_current_user, getmyuid,pconnect, link, symlink, fin, fileread, shell_exec, pcntl_exec, leak, apache_child_terminate,chown, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, execute, shell, chgrp, passthru, socket_select,socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid,pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version,apache_getenv, apache_note, apache_setenv, virtual, eval, allow_url_fopen, pconnect, p_connect,posix_getpwuid,fileowner,symlink,readlink,stream_select,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority

Prevent your server from bad bot attacks

We need some iptables rules and a file that contains IP addresses. These addresses belong to bad bots.

I use a shell script that reads IP addresses one by one from a file and blocks each one using iptables.

First, you have to create a file, for example under the root folder, named bad_bot.txt:

nano /root/bad_bot.txt

Write the IP addresses that you want to block into this file. You can use my own list, the bad_bot.txt file.

If you want it to run at every system boot, write it in the rc.local file.

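# Flush every chain in the filter table (this also removes any other rules already loaded)
iptables -F

# Drop HTTP and HTTPS traffic from each address listed in the file
for x in $(cat /root/bad_bot.txt)
do
iptables -A INPUT -p tcp -s "$x" --dport 80 -j DROP
iptables -A INPUT -p tcp -s "$x" --dport 443 -j DROP
done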
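
The loop above passes every word of bad_bot.txt straight to iptables, so a typo or a host name in the list either breaks the run or triggers a DNS lookup at boot. The following added example (not the author's script) vets the list first and only prints the rules it would load. It assumes one IPv4 address or CIDR range per line, # comments, and a hypothetical dedicated chain named BADBOTS.

```shell
#!/bin/sh
# Added example: vet a bad_bot.txt-style list before any rule is built from it.
# BADBOTS is a hypothetical chain name; the script only prints commands.

# is_ipv4 ENTRY: succeed for a dotted-quad IPv4 address, optionally with /0-32.
is_ipv4() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        # Leading zeros may be parsed as octal elsewhere; octets must be 0-255.
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# emit_rules FILE: print one DROP rule per valid entry; report the rest on
# stderr and return non-zero so a boot script can refuse a damaged list.
emit_rules() {
    [ -r "$1" ] || return 2
    bad=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if is_ipv4 "$entry"; then
            printf 'iptables -A BADBOTS -s %s -p tcp -m multiport --dports 80,443 -j DROP\n' "$entry"
        else
            printf 'rejected: %s\n' "$entry" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1")
EOF
    [ "$bad" -eq 0 ]
}

# Constructed sample list (documentation-range addresses only).
sample=$(mktemp)
printf '%s\n' '# scraper' '192.0.2.15' '198.51.100.0/24  # range' \
    '203.0.113.300' 'bot.example.net' > "$sample"
emit_rules "$sample" || echo 'fix the rejected lines before loading rules' >&2
rm -f "$sample"
```

Create the chain once with iptables -N BADBOTS and iptables -I INPUT -j BADBOTS, then refresh it with iptables -F BADBOTS, which leaves every other rule in place.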