The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

authenticator failed

Discussion in 'General Discussion' started by popeye, Jul 5, 2013.

  1. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi does anyone know why this keeps happening below ? one of my customers keeps getting blocked


    Time: Fri Jul 5 20:20:46 2013 +0100
    IP: 000.000.000.00 (GB/United Kingdom/-)
    Failures: 5 (smtpauth)
    Interval: 3600 seconds
    Blocked: Permanent Block

    Log entries:

    2013-07-05 20:05:47 dovecot_plain authenticator failed for ([00.000.000.00]) [000.000.000.00]:44737: 535 Incorrect authentication data (set_id=me@mydomain,com)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Check to see if their email account is listed in the "Login/Brute History Report" within "WHM Home » Security Center » cPHulk Brute Force Protection". It's possible there have been brute force attempts on their email account or several failed login attempts that have resulted in it getting blocked by cPhulkd.

    Thank you.
     
  3. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi when i look in cPHulk there is only one in login / brute force history report and when i look in Black List (Rejected IP List) its empty.
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    That message is from CSF (ConfigServer Firewall).
    If you go to WHM-> Plugins-> ConfigServer Security & Firewall-> Firewall Configuration-> Login Failure Blocking and Alerts
    you see that you have:
    LF_SMTPAUTH = 5
    LF_SMTPAUTH_PERM = 1

    which means that after 5 failed logins from an IP the IP is blocked permanently.
     
  5. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi how do i disable the block ? to stop customers getting blocked

    Does this mean the customer as some email settings wrong ?
     
    #5 popeye, Jul 5, 2013
    Last edited: Jul 5, 2013
  6. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator

    if you want to disable SMTP failure detections you set:
    LF_SMTPAUTH = 0

    Most likely yes.
     
  7. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    I thought it would be there settings thanks very much for the help. :)
     
  8. LDHosting

    LDHosting Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    93
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    It may be worth keeping in mind that by disabling that setting, you are also disabling LFD's ability to detect and block brute force attacks on your smtp server. Unless you have something else running to do this, such as cPHulk, bots may be able to obtain mailbox passwords via brute force attacks.
     
  9. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Yes i have cPHulk but also never disabled it after because its got to be the customers settings that are incorrect.
     
Loading...

Share This Page