I have 2 cPanel servers. One is constantly blocking my IP address. I have my WiFi IP whitelisted. But if, for any reason, like a recent power outage, the router gets rebooted and it gets assigned a new IP, that one gets blocked and I have to have someone in another network log in and whitelist that one. This gets really irritating when I am out of the office and my phone's Verizon IP gets blocked. It happens even before I can whitelist it. I log in to the server and before I get to the firewall page I'm blocked.
I do not have this problem with the other server. They are both using CSF. But this one is one where I have my own domain email so it's maddening.
Is there some kind of setting that can be changed to only block IPs that have x number of failed logins? That's normal.
Thanks.
IP Constantly Getting Blocked
Re: IP Constantly Getting Blocked
Does the reason for the block not show up in the syslog?
You can see the most recent dropped packets with:
Code:
dmesg | grep Blocked | tail
Or if you want a longer list:
Code:
dmesg | grep Blocked | tail -n 40
Edit: Actually this one will be more useful for you:
Code:
grep "ip.address.getting.blocked" /var/log/lfd.log | tail
Re: IP Constantly Getting Blocked
Hiya!
If you search /var/log/lfd.log for your IP address, for example using
Code:
grep '127\.0\.0\.1' /var/log/lfd.log
It will provide the reasons why LFD is blocking your IP with CSF, so that you can then look at the rules which are triggering.
For example, if I were to search my IP and the following appeared:
Code:
Oct 16 00:00:00 hostname lfd[1111111]: (cpanel) Failed cPanel login from PUBLICIP (CountryCode/Country/reversedns.example.com): 5 in the last 3600 secs - *Blocked in csf* [LF_CPANEL]
Which would make me look at the LF_CPANEL rule and potentially increase it to a higher amount by changing LF_CPANEL to a number higher than 1 in the configuration.
Edit: If it's set to 1, any failure would trigger a block, whereas I have it set to 5 so that people get a few chances.
You can also check failed logins in /var/local/cpanel/login_log
Hopefully this helps you out
Kind regards,
Jess
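The lookup described in the reply above, as an added example that is not part of the original posts: it groups the "*Blocked in csf*" lines for one IP by the rule tag at the end of the line and reports the threshold lfd logged, then reads the configured value of that rule. The function names, the sample log lines and the /etc/csf/csf.conf default path are assumptions of this example; the log lines are constructed on the pattern of the line quoted in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). Sample lines are constructed,
# modelled on the lfd.log line quoted above; 203.0.113.x are documentation IPs.
sample_lfd_log() {
cat <<'EOF'
Oct 16 09:12:01 host lfd[2101]: (imapd) Failed IMAP login from 203.0.113.7 (US/United States/-): 10 in the last 3600 secs - *Blocked in csf* [LF_IMAPD]
Oct 16 11:40:22 host lfd[2188]: (cpanel) Failed cPanel login from 203.0.113.7 (US/United States/-): 1 in the last 3600 secs - *Blocked in csf* [LF_CPANEL]
Oct 16 11:41:05 host lfd[2190]: (sshd) Failed SSH login from 203.0.113.70 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Oct 17 08:03:44 host lfd[3310]: (cpanel) Failed cPanel login from 203.0.113.7 (US/United States/-): 1 in the last 3600 secs - *Blocked in csf* [LF_CPANEL]
EOF
}

# lfd_block_reasons IP [LOGFILE|-]
# One line per rule: "RULE blocks=N threshold=T window=Ws", most frequent first.
lfd_block_reasons() {
    awk -v ip="$1" '
        index($0, "*Blocked in csf*") == 0 { next }   # keep block events only
        {
            hit = 0
            # compare whole fields so 203.0.113.7 does not match 203.0.113.70
            for (i = 1; i <= NF; i++) if ($i == ip) { hit = 1; break }
            if (!hit) next
            rule = substr($NF, 2, length($NF) - 2)    # "[LF_CPANEL]" -> LF_CPANEL
            thr = "?"; win = "?"
            for (i = 2; i <= NF; i++)
                if ($i == "in" && $(i+1) == "the" && $(i+2) == "last") {
                    thr = $(i-1); win = $(i+3)        # "5 in the last 3600 secs"
                }
            n[rule]++; t[rule] = thr; w[rule] = win
        }
        END { for (r in n) printf "%s blocks=%d threshold=%s window=%ss\n", r, n[r], t[r], w[r] }
    ' "${2:-/var/log/lfd.log}" | sort -t= -k2,2nr
}

# csf_setting KEY [CONF]: print the value from a line of the form KEY = "value".
# Assumption: CONF defaults to /etc/csf/csf.conf, which the thread does not name.
csf_setting() {
    sed -n "s/^${1}[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "${2:-/etc/csf/csf.conf}"
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_lfd_log | lfd_block_reasons 203.0.113.7 -
```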