How to Block IPs and Ranges in Imunify360: CLI & GUI Master Guide

How to Block IPs and Ranges in Imunify360: CLI & GUI Master Guide

Imunify360 is the ultimate defense for web servers. While its automated firewall is excellent, manual intervention is sometimes necessary to stop botnets or targeted attacks. In this guide, you will learn how to manage blocks precisely using commands and the visual interface.

⚠️ Before you begin: Safety First

Before blocking any range, make sure to:

  1. Verify your own IP: Never block the range you belong to. You can check your IP at 

  2. Understand the scope: An error in the CIDR mask (such as a /8) could leave millions of legitimate users without access.

💻 Option 1: Blocking via Command Line (CLI)

This is the fastest way for system administrators. You must access via SSH as the root user.

1. Block a Single IP

Ideal for stopping a specific attacker identified in your logs.

  1. imunify360-agent blacklist ip add 1.2.3.4 --comment "Brute force attack"

  • Blocked IPs: 1

2. Range Blocking (CIDR Notation)

If attacks come from different IPs but the same network, use these common prefixes:

CIDR Prefix Blocked IPs Typical Use
/24 256 Blocks a full local subnet.
/20 4,096 Blocks a small data center.
/16 65,536 Blocks a regional Internet Service Provider (ISP).
/8 16,777,216 Warning! Blocks massive internet segments.

Example command for a /24 range:

  1. imunify360-agent blacklist ip add 192.168.1.0/24 --comment "Identified botnet range"

3. How to remove a block (Unblock)

If you blocked someone by mistake or the attack has ceased:

  1. imunify360-agent blacklist ip delete 1.2.3.4

🖥️ Option 2: Blocking via the WHM Interface

If you prefer not to use the console, Imunify360 offers an intuitive interface within WHM:

  1. Log in to WHM and search for Imunify360.

  2. Go to the Firewall tab.

  3. Click on the Blacklist sub-tab.

  4. Press the Add IP/Network button.

  5. Enter the IP or range, add a comment (this is vital for future audits!) and click Add.

💡 Expert Tips for Administrators

  • Mandatory Comments: Always use the --comment parameter. Months later, you won't remember why you blocked that IP, and the comment will save you time.

  • Country Detection: If malicious traffic is massive from a specific country where you have no customers, it is better to use the Country Blocking feature in Imunify360 instead of adding hundreds of manual ranges.

  • Whitelists: If you use external services (such as monitoring tools or payment APIs), make sure to add them to the Whitelist so Imunify360 does not block them for suspicious activity.


    • Related Articles

    • How to delete iDrive e2 files using AWS CLI on Mac

      When you need to delete large amounts of files from an iDrive e2 bucket, doing it through the web interface can take hours or even days. The most efficient solution is to use AWS CLI from your Mac terminal, as it processes multiple files in parallel ...

    • JetBackup 5: How to fix the Integrity Check error using CLI/SSH

      When JetBackup performs its automated integrity verification processes, they may sometimes complete partially due to network interruptions, timeouts, or communication issues with the remote storage destination. If you receive notifications indicating ...

    • Basic SSH commands

      FILE MANAGEMENT Copy file cp -a archivo.zip archivocopia.zip Create a 404.html file touch /home/usuario/public_html/404.html Compress directory zip -r archivo.zip /home/usuario/public_html/directorio Extract file unzip archivo.zip View contents of a ...