
CSF blocking user's own website

Discussion in 'Security' started by crazyaboutlinux, Apr 23, 2009.

  1. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    After installing the CSF firewall, our user is not able to view their own website.
    Note: he can view all other websites except their own.

    So I asked the user for their local ISP's IP address, and I found that their local ISP IP address is blocked in the CSF firewall's etc/csf.deny:

    122.169.75.94 # lfd: 10 (pop3d) login failures from 122.169.75.94 in the last 300 secs - Thu Apr 23 16:25:59 2009

    This IP is blocked for pop3 login failures, and he is not able to view their own website.

    This is not a good idea with the CSF firewall.
     
  2. verdon

    verdon Well-Known Member

    It is a good idea. It is intended to stop dictionary attacks.

    You can control its behaviour (or disable it altogether) in the CSF config.
     
  3. thewebhosting

    thewebhosting Well-Known Member

    Yes, it's a good idea to stop dictionary attacks. I would not recommend disabling it.

    If you wish, you can add the IP address 122.169.75.94 to the CSF firewall "Allow IP list" from WHM -> CSF -> Allow IP. Once you do this, the IP address 122.169.75.94 will no longer get blocked in CSF.
     
  4. Kailash1

    Kailash1 Well-Known Member

    It is the way it has to work.

    If you have set 10 pop3 login failures before it blocks the IP, then it will block the IP on the 11th login failure. You can also disable the pop3 login failure from "lfd".

    Kailash
     
  5. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Let me know the steps to do this.
     
  6. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    This is not a static IP.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member


    Your user needs to log in correctly. If they don't, they should be blocked.

    If you did set their IP to the bypass list and that user got a virus on their PC or became a disgruntled user, you wouldn't want them to be allowed to bypass anything.

    We block at 5 failed logins and our users learned quickly to be sure they are logging in correctly. It's for the users' own account protection.

    If you need to know more about your settings in CSF, you should take a close look at the docs for it and the configuration page itself.

    You can also choose to only temp ban them if you wish. It's all in the config and much more.

    Good Luck. :)
     
  8. Kailash1

    Kailash1 Well-Known Member

    Set value 0 for LF_POP3D and LF_POP3D_PERM in your csf firewall configuration and restart it.

    Kailash
     
  9. Lyttek

    Lyttek Well-Known Member

    I'll second this. Turning off protection because a user can't get the configuration correct on their email client (or whatever) leaves everyone else on the machine open. It's NOT good to disable this, as you're only treating the symptom and not the actual problem... not a good way to run a server.
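
Added example, not part of any post in this thread and not ConfigServer's own code: a Python script that parses csf.deny entries in the format quoted in the first post and reports which service's login failures put a given IP on the deny list. It goes slightly beyond the thread by also matching CIDR entries (an assumption about the file's contents); the sample list is constructed around the one line quoted above, and the names DenyEntry, parse_deny and why_blocked are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Comment format as quoted in the first post; other wording is kept as a raw reason.
LFD_RE = re.compile(
    r"lfd: (?P<count>\d+) \((?P<service>[^)]+)\) login failures from \S+ "
    r"in the last (?P<window>\d+) secs - (?P<when>.+)$")

@dataclass
class DenyEntry:
    network: object            # ipaddress IPv4Network / IPv6Network
    reason: str                # raw comment text after '#'
    service: Optional[str] = None
    failures: Optional[int] = None
    window_secs: Optional[int] = None
    when: Optional[str] = None

def parse_deny(text):
    """Parse csf.deny-style text, skipping comments and non-IP lines."""
    entries = []
    for line in text.splitlines():
        target, _, comment = line.partition("#")
        target, comment = target.strip(), comment.strip()
        try:
            net = ipaddress.ip_network(target, strict=False)
        except ValueError:
            continue  # blank, comment-only, or not a plain IP/CIDR
        entry = DenyEntry(network=net, reason=comment)
        m = LFD_RE.search(comment)
        if m:
            entry.service, entry.when = m["service"], m["when"]
            entry.failures = int(m["count"])
            entry.window_secs = int(m["window"])
        entries.append(entry)
    return entries

def why_blocked(text, ip):
    """Return every entry covering `ip`: exact match or containing CIDR."""
    addr = ipaddress.ip_address(ip)
    return [e for e in parse_deny(text) if addr in e.network]

# Constructed sample: line 2 is the entry from the thread, the rest are invented.
SAMPLE = """# constructed sample deny list
122.169.75.94 # lfd: 10 (pop3d) login failures from 122.169.75.94 in the last 300 secs - Thu Apr 23 16:25:59 2009
192.0.2.0/24 # manually denied range (constructed)
198.51.100.7 # lfd: 5 (sshd) login failures from 198.51.100.7 in the last 300 secs - Thu Apr 23 17:00:00 2009
"""
```

Calling `why_blocked(SAMPLE, "122.169.75.94")` returns one entry with service `pop3d`, which tells the administrator to check the user's mail client settings rather than the website.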
     