The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel and lfd IP block messages

Discussion in 'Security' started by magicalwonders, Nov 18, 2014.

  1. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello,

    Everytime an attempt is made to login to my server, I receive two messages as in the following examples -

    One will come from cPanel -

    And then another one from root@hostname.mydomain.com with the subject line -
    lfd on hostname.mydomain.com: blocked 91.201.244.50 (UA/Ukraine/-)

    Two questions arise from this.

    1. As the second email is reporting a permanent block of the IP address, I assume there is no need to click any links in the first email adding the IP to the blacklist?

    2. If the IPs are automatically blocked or banned, is there any way to stop these notifications and just be advised of successful logins?

    Hope someone can advise. :)
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    1. Correct, if the server is already blocking it you don't need to block manually.

    2. Set LF_PERMBLOCK_ALERT = "0" in csf.conf or via WHM. There are other alert settings you can review as well.
     
  3. magicalwonders

    magicalwonders Well-Known Member

    Joined:
    Nov 21, 2012
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Great. Thanks for the assistance and advice. :)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,696
    Likes Received:
    656
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. Lor

    Lor Well-Known Member

    Joined:
    Apr 29, 2005
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    I did but still receive emails about permanent block IPs.

    Any more ideas?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,696
    Likes Received:
    656
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  7. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Did you fully restart CSF/LFD via WHM after making the change? Just restarting CSF will not make the change effective.
     
  8. Lor

    Lor Well-Known Member

    Joined:
    Apr 29, 2005
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    I understand CSF/LFD restarted after change setting via WHM
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,696
    Likes Received:
    656
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you verify the email you are receiving is actually from CSF/LFD? Are you sure it's the same email reported by the original poster?

    Thank you.
     
  10. Lor

    Lor Well-Known Member

    Joined:
    Apr 29, 2005
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    This is the email:

    Code:
    lfd on server.xxxxxx.com: blocked 000.000.000.000 (ID/Indonesia/-)
    
    
    Time:  Wed Nov 11 22:42:32 2015 -0700
    IP:  000.000.000.000 (ID/Indonesia/-)
    Failures: 5 (ftpd)
    Interval: 3600 seconds
    Blocked:  Permanent Block
    
    Log entries:
    
    Nov 11 22:41:57 server pure-ftpd: (?@000.000.000.000) [WARNING] Authentication failed for user [user]
    Nov 11 22:42:03 server pure-ftpd: (?@000.000.000.000) [WARNING] Authentication failed for user [user]
    Nov 11 22:42:11 server pure-ftpd: (?@000.000.000.000) [WARNING] Authentication failed for user [user]
    Nov 11 22:42:23 server pure-ftpd: (?@000.000.000.000) [WARNING] Authentication failed for user [user]
    Nov 11 22:42:29 server pure-ftpd: (?@000.000.000.000) [WARNING] Authentication failed for user [user]
    
    --------------------------------------
    
    // 000.000.000.000 is IP address
     
    #10 Lor, Nov 12, 2015
    Last edited by a moderator: Nov 12, 2015
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    194
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Your options are located in this section of CSF:
    Login Failure Blocking and Alerts
     
Loading...

Share This Page