FAQ

Do you have any questions? Find your question here or ask us.

Who is behind cPFence, and is it safe to use?

cPFence was created by our hosting and software development company, Linkers Gate LLC. Our company is registered with Dun & Bradstreet under D-U-N-S Number 561227945. We are a small team of six talented server admins and developers. We originally developed cPFence for our own use, and it has served us exceptionally well, to the point where we install it by default on all our clients’ servers. To protect the software, we wrapped it in a license-based system, and we’ve recently decided to offer it to the public in two versions: a free version (antivirus only) and a paid version (full features).

Is it safe?
Yes, it’s very safe. Our software is written entirely in Bash scripting, then obfuscated and converted to binary for code protection—nothing fancy or complicated. No additional services or new users are installed on the server. Unlike other software based on PHP, our solution is generally lighter on system resources and can be easier to audit, especially for those familiar with Bash. It’s straightforward for any skilled security researcher to monitor its actions and ensure its security. Additionally, we don’t store any information or maintain active connections between the host and our license servers. We’ve designed it to be easy, simple, yet powerful.

Why does cPFence only support the Enhance panel?

Because it was already developed and ready to use! cPFence was initially built for our own use across all servers in our hosting and server management company. Since we exclusively use the Enhance control panel and find it perfectly aligned with our business model, cPFence was specifically designed to support it. We may consider adding support for other control panels like cPanel, DirectAdmin, etc., in the future if there is sufficient demand.

Has cPFence been tested for the Mail Server, Database, and Main Control Panel roles?

Yes, cPFence has been heavily tested on all Enhance server roles, including the Main Control Panel and Email roles. It’s specifically designed to detect and block malware and phishing links in incoming emails.

When will UI integration be available for cPFence in the Enhance control panel?

UI integration will be available as soon as the Enhance team completes the necessary API.

How do the Owl and virus detection features work in cPFence?

cPFence Owl was initially developed to do the following:

1- Monitor CPU, RAM, and IO usage, and adjust the speed of running scanning processes accordingly to keep system load under control. If high resource usage is detected, the admin is notified based on their notification settings.

2- Periodically search for signs of common and recent webshells and malware that have been active online in the last 30 days.

3- Terminate slow, long-running, or sleeping MySQL queries for blacklisted users only.

4- Kill processes when an excessive number of processes is detected from an abusive user.

5- Analyze logs to detect IPs involved in repeated DDoS attacks and apply a temporary block to protect the system.

These are the most important functions. However, in the latest versions, we had to temporarily disable feature number 4 after releasing the software to the public due to some false positives in certain environments and scenarios. The feature that terminates processes from abusive users is currently on hold until we can conduct extensive tests and ensure it is 100% free of false positives for everyone.

Regarding malware blocking, cPFence monitors changed, modified, or added files and scans them using our extensive, hourly updated malware signatures. If any malware is found, it is quarantined, and a notification email is sent to the admin.

Why are so many IPs blocked by cPFence Protection?

The IPs you’re seeing in the list are primarily from bots and scanners that are constantly probing the internet for vulnerabilities, scanning ports, and generally doing harmful activities. Unfortunately, the internet is filled with these malicious IPs these days.

cPFence maintains a comprehensive IP database (IPDB) that includes known spammers, scanners, and hacker IPs. We block these IPs at the network level before they can even reach your server. This proactive protection helps keep your server secure and reduces unnecessary resource usage.

You can monitor the logs for these actions in /var/log/syslog. To view the cPFence blockages in real-time, you can use the following command:

sudo tail -f /var/log/syslog | grep -E 'cPFence Blocked:|cPFence DDos Protection:'

If you’d like to see the difference, you can temporarily disable cPFence and monitor the syslogs to observe how these bad bots and scanners could otherwise consume your server’s resources.

How does cPFence WAF work compared to competitors?

Our WAF outperforms most so-called ‘commercial WAF’ services popular in the shared hosting industry. But don’t just take our word for it—use this third-party WAF testing tool to test and see for yourself.

We primarily use a combination of modified and tweaked OWASP and Comodo WAF rules, along with custom rules built from scratch, to provide added security and increased compatibility with shared hosting environments, minimizing false positives as much as possible.

We override the LiteSpeed/OLS settings to ensure your rules are always synced with our latest version. This allows us to issue immediate vulnerability mitigations for all our clients’ servers in one shot, ensuring everyone stays secure.

How do I install cPFence?

First, you need to get your license. To install cPFence, open a terminal on your server and enter the one-line installation code provided on your screen. This code automatically detects your server’s capabilities and will install the recommended protections for your server in less than 2 minutes.

Can I move my license to a new server?

Yes, you can easily move your cPFence license to a new server using the reissue license feature found in the client area. This process is straightforward and hassle-free.

Do you offer bulk licenses?

Yes, we offer bulk licenses for 10+ servers. Please order your bulk license through this link. Ensure you provide the full list of your server IPs so we can manually activate them under one license key. Bulk licenses do not have automatic activation and will be activated as soon as possible upon receiving payment. Single-server licenses do have automatic activation.

How does your DDoS protection work?

Our DDoS protection module instantly blocks any IP with more than 100 concurrent connections to the server. It is designed to block aggressive IPs that repeatedly attempt attacks. Initially, the block is temporary, but if the same IP triggers multiple attacks, it results in a permanent block, and our IPDB is updated accordingly so all servers get the latest protection. You can adjust the limit in the configuration file located at /opt/cpfence/config.conf. The default value of 100 is recommended for optimal performance.
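To see which remote IPs would cross that limit before you change it, the following added example (not cPFence code) counts established TCP connections per peer IP and lists those above the threshold. It assumes input in the format printed by `ss -Htn state established`; the function names and the sample connections are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of cPFence: report peers holding more than LIMIT
# established TCP connections (the FAQ's default limit is 100).
# Expected input, one connection per line, as from `ss -Htn state established`:
#   Recv-Q Send-Q Local-Address:Port Peer-Address:Port

over_limit() {
    local limit="${1:-100}"
    awk -v limit="$limit" '
        NF >= 4 {
            peer = $4
            sub(/:[0-9]+$/, "", peer)   # drop the remote port
            sub(/^\[/, "", peer)        # drop IPv6 brackets
            sub(/\]$/, "", peer)
            sub(/^::ffff:/, "", peer)   # fold IPv4-mapped IPv6 into plain IPv4
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit)  # "more than" the limit, as the FAQ states
                    printf "%d %s\n", count[ip], ip
        }' | sort -rn
}

# Constructed sample: one peer above the limit, one far below it,
# and one IPv6 peer exactly at the limit (which must not be flagged).
sample_connections() {
    local i
    for i in $(seq 1 101); do
        echo "0 0 203.0.113.10:443 198.51.100.7:$((40000 + i))"
    done
    for i in 1 2 3; do
        echo "0 0 203.0.113.10:443 192.0.2.9:$((50000 + i))"
    done
    for i in $(seq 1 100); do
        echo "0 0 [2001:db8::10]:443 [2001:db8::beef]:$((60000 + i))"
    done
}

# Demo on the constructed sample. On a live server, feed real data instead:
#   ss -Htn state established | over_limit 100
sample_connections | over_limit 100
```

Peers that legitimately sit near the limit, such as a reverse proxy, CDN edge or monitoring host, will show up here and are the ones to check before lowering the value.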

Contact Us

If you cannot find your question here, please send it to us. We typically reply in less than 24 hours.