The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cphulk blocking users on mobile data but no wifi

Discussion in 'Security' started by IISG, Oct 21, 2015.

  1. IISG

    IISG Member

    Joined:
    Nov 2, 2006
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello All,

    I have a strange problem that I have confirmed several times so I know the information provided is accurate.

    I have a couple of users that when they check email via iphone (6s just in case that means anything and also on tmobile) and the phone is on wifi, the users get all emails and everything works perfectly for their pop3 account (with or without ssl).
    Then when the user turns off wifi and checks email via mobile data it pops up and says bad password, which can't be because the password is perfect on wifi.

    I then had the cell phone in my hand, turned off cphulk , mail checked fine, turned it back on, error.

    Now over time I got cphulk to block it again but show in the mailllog file the following:
    dovecot: auth: Error: Cpanel::MailAuth: cphulk blocked login for user

    The issue with this is that it does not show ANYTHING in the cphulk history report under any of the types.

    I then "whitelist" the tmobile IP and it works, but never showed up in iptables or cphulk reporting.

    any suggestions so I don't keep running into this?

    And of course keep the ip I whitelisted or any other tmobile ip would be a mistake imho.

    Thanks!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. IISG

    IISG Member

    Joined:
    Nov 2, 2006
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    yes I do see entries that say they are blocking an IP address, however it's like it follows the user and is blocking the user.
    It's a tmobile IP address, so its not good to whitelist it, but even if I do temporarily it happens again to the same user.
    I put and saved the password into the cell phone myself so I know the password is correct.

    Thanks!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Browse to:

    "WHM Home » Security Center » cPHulk Brute Force Protection"

    Do you see a message such as "The system disabled firewall options. These options require IPTables v1.4 or higher and a non-Virtuozzo environment."?

    Thank you.
     
Loading...

Share This Page