Knowledgebase

This guide explains how to correctly configure your servers to work with the Snowtech UnBlock IP WHMCS addon.

The module requires CSF (ConfigServer Security & Firewall) to be installed and accessible via the server API.

1. Installing CSF (Updated Method)

CSF is now maintained via the official cPanel GitHub repository.

Download & Install CSF

cd /usr/src
rm -fv csf.tgz
wget https://github.com/cpanel/cpanel-csf/archive/refs/heads/main.tar.gz
tar -xzf main.tar.gz
cd cpanel-csf-main
sh install.sh

Verify Installation

csf -v

If installed correctly, the CSF version will be displayed.

2. Enable CSF in Production Mode

After installation, disable testing mode:

nano /etc/csf/csf.conf

Set:

TESTING = "0"

Then restart CSF:

csf -r

3. Ensure WHMCS Can Communicate with the Server

Your WHMCS server configuration must include valid API credentials.

Supported Authentication Methods

• WHM Access Hash
• WHM API Token
• DirectAdmin API credentials

4. Recommended: Use WHM API Token (Most Secure)

Create Token in WHM

1. Login to WHM as root.
2. Go to Development → Manage API Tokens.
3. Create a new token.
4. Grant full privileges.
5. Copy the token.

Enter this token in WHMCS under the server configuration.

5. CSF Requirements for Unblocking

The module interacts with CSF using standard commands such as:

csf -g IPADDRESS
csf -dr IPADDRESS

Ensure:

• CSF is properly installed
• Root API access is allowed
• No additional firewall rules block WHM API calls

6. Protecting Critical Firewall Rules

To prevent removal of critical blocks:

• Add protected IPs to CSF "do not delete" rules
• Enable "Prevent removal of do not delete blocks" in module settings

This ensures protected entries are never removed by clients.

7. DirectAdmin Configuration

If using DirectAdmin:

• Ensure CSF is installed on the DirectAdmin server
• WHMCS server entry includes correct API credentials
• CSF binary path is standard (/usr/sbin/csf)

8. Sudo Considerations (If WHMCS Runs Locally)

If WHMCS runs on the same server and the module executes CSF locally:

Add a sudo rule:

username ALL=(ALL) NOPASSWD: /usr/sbin/csf

This allows controlled execution of CSF commands without exposing full root privileges.

9. Verify Server Connection from WHMCS

In WHMCS:

1. Go to System Settings → Servers.
2. Edit the server.
3. Click Test Connection.

The test must pass before unblocking will function correctly.

10. Testing the UnBlock IP Module

1. Manually block your IP in CSF:

csf -d YOUR.IP.ADDRESS

2. Login to WHMCS client area.
3. Open the UnBlock IP module.
4. Confirm block is detected.
5. Attempt removal.

If successful, the IP will be removed from the CSF deny list.

Security Best Practices

• Always use API Tokens instead of passwords where possible.
• Restrict WHMCS admin access to trusted users only.
• Enable rate limiting in the module to prevent abuse.
• Keep CSF updated from the official GitHub repository.
• Regularly audit your firewall rules.

Common Server-Side Issues

CSF Not Installed

• Install using the GitHub method above.

API Authentication Fails

• Verify WHMCS server credentials.
• Confirm API token privileges.

IP Removed But Still Blocked

• Check for LFD temporary blocks.
• Verify other firewall layers (iptables, cloud firewall).