Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

authenticator failed

Discussion in 'General Discussion' started by popeye, Jul 5, 2013.

  1. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    344
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi does anyone know why this keeps happening below ? one of my customers keeps getting blocked


    Time: Fri Jul 5 20:20:46 2013 +0100
    IP: 000.000.000.00 (GB/United Kingdom/-)
    Failures: 5 (smtpauth)
    Interval: 3600 seconds
    Blocked: Permanent Block

    Log entries:

    2013-07-05 20:05:47 dovecot_plain authenticator failed for ([00.000.000.00]) [000.000.000.00]:44737: 535 Incorrect authentication data (set_id=me@mydomain,com)
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Check to see if their email account is listed in the "Login/Brute History Report" within "WHM Home » Security Center » cPHulk Brute Force Protection". It's possible there have been brute force attempts on their email account or several failed login attempts that have resulted in it getting blocked by cPhulkd.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    344
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi when i look in cPHulk there is only one in login / brute force history report and when i look in Black List (Rejected IP List) its empty.
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    That message is from CSF (ConfigServer Firewall).
    If you go to WHM-> Plugins-> ConfigServer Security & Firewall-> Firewall Configuration-> Login Failure Blocking and Alerts
    you see that you have:
    LF_SMTPAUTH = 5
    LF_SMTPAUTH_PERM = 1

    which means that after 5 failed logins from an IP the IP is blocked permanently.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    344
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi how do i disable the block ? to stop customers getting blocked

    Does this mean the customer as some email settings wrong ?
     
    #5 popeye, Jul 5, 2013
    Last edited: Jul 5, 2013
  6. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Finland
    cPanel Access Level:
    Root Administrator

    if you want to disable SMTP failure detections you set:
    LF_SMTPAUTH = 0

    Most likely yes.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    344
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    I thought it would be there settings thanks very much for the help. :)
     
  8. LDHosting

    LDHosting Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    93
    Likes Received:
    2
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    It may be worth keeping in mind that by disabling that setting, you are also disabling LFD's ability to detect and block brute force attacks on your smtp server. Unless you have something else running to do this, such as cPHulk, bots may be able to obtain mailbox passwords via brute force attacks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    344
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Yes i have cPHulk but also never disabled it after because its got to be the customers settings that are incorrect.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice