After cpanel update IP blocker going crazy

Operating System & Version
Centos 7
cPanel & WHM Version
cPanel & WHM v102.0.8

GroupeAccess

Registered
Mar 25, 2022
3
0
1
Canda
cPanel Access Level
DataCenter Provider
Hi,

After a maintenance on the cpanel server, the IP Blocker module is going crazy and keep adding Deny from x.x.x.x on all the htaccess of my clients.

What we did during the maintenance :
- WHM update
- MariaDB update
- Add php 7.4,8,8.1
- Install Nginx reverse proxy (which was removed since.)

I have no idea where it's coming from, we have already uninstall modsecurity but not seems to be related.
And all the IP added in the htaccess with the Deny from are not present in the history of CSF or cphulk history, the greylisting is already disabled.

Can some one help to find why cpanel keep blocking some IP by adding a Deny from x.x.x.x in all the htaccess ?

Thank you
 

cPanelWilliam

Administrator
Staff member
Mar 13, 2018
94
14
83
Houston
cPanel Access Level
Root Administrator
Hello! The IP Blocker feature in cPanel does not automatically block IP addresses. However, the IP blocker feature will read deny rules that were manually added to a site's .htaccess file. It's possible these rules are being added manually via the cPanel interface or by a 3rd party script running on the accounts.

I would recommend checking the cPanel access logs to ensure these aren't being added manually via the IP Blocker or File Manager. If that doesn't shed any light on the issue I would recommend opening a support ticket so our team can try to identify what is causing this to happen.
 

GroupeAccess

Registered
Mar 25, 2022
3
0
1
Canda
cPanel Access Level
DataCenter Provider
Thank you for your answer.

" The IP Blocker feature in cPanel does not automatically block IP addresses"
That make sense I didn't found any settings for that or any documentation.

I will investigate to find which third party is doing that, because the issue happen on all my client.
And when we enabled the Nginx reverse proxy, the public IP of our server was banned too.
So the 3rd party that doing that didn't get the real IP of the client, but the IP of the reverse Proxy, Did I miss something in the setup of Nginx reverse proxy ?

Thank you
 

GroupeAccess

Registered
Mar 25, 2022
3
0
1
Canda
cPanel Access Level
DataCenter Provider
Thank you for that that was missing.

It should be good now.

ps: I still didn't find with plugin or feature was doing that, but by monitoring the file, only this process seems modifying the htaccess :
/usr/local/cpanel/3rdparty/perl/532/bin/perl