The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CT_Limit, IP blocked for too many connections

Discussion in 'Security' started by keat63, Aug 24, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    In CSF, i have CT_Limit configured for 400 connections.
    However, i get the occasional false positive, resulting in customers being blocked in CSF for an hour.

    Any ideas why a browser would use so many connections ?

    I understand that this is to protect against DDOS attacks.
    How many connections would normally be considered a DDOS attack ?
     
    #1 keat63, Aug 24, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    #2 cPanelMichael, Aug 31, 2015
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    That thread does'nt really say much, other than people having the same problem with no solution.
    I've disabled the feature for the time being until i can figure out why it does this.
     
    #3 keat63, Sep 4, 2015
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,419
    Likes Received:
    285
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you get an email alert about the block? What did the email tell you?
     
    #4 Infopro, Sep 4, 2015
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I can't remeber now, as it's been about two weeks since i disabled the feature.
    Other than I recall it was a UK IP address and it had more than 400 html connections to the server.
    I've seen it a few times and always dismissed it, only this time it was followed by a customer saying that they connect to my site, but after about 5 minutes the site goes down.
    Of course the site didn't go down, CSF blocked them.

    I'd like to reinstate the feature and maybe just increase the number of open connections before a block is triggered, but i've no clue as to how many connections would be considered acceptable.
     
    #5 keat63, Sep 4, 2015
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,419
    Likes Received:
    285
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I use a smaller setting than what you had yours set to, if that helps. I'd leave it enabled and watch for issues a bit closer when the email comes in next time. There's a reason for it no doubt.

    A long time ago I was hosting a support forum for (a separate site) homeworkers co. that were instructed (to access the work site, not on my server) to disable browser cache, and to use IE6 only. Users were getting blocked all the time when visiting the forum due to my security no matter what I did to try and resolve it (short of giving up security). We optimized the number of images in style and other related items to try sort it for example.

    I didn't know about the browser requirements for the job site until weeks after many complaints about being blocked. No one thought to mention it to me. In the end they moved and life went back to normal.

    Not your issue of course, but if its just one or two users getting blocked, there's probably a good reason for it.

    I like to think of a valid end user getting blocked as a learning experience, for them. It can be annoying sure, but once they learn not to get blocked, they won't forget. ;)
     
    #6 Infopro, Sep 4, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - CT_Limit blocked many
  1. bloatedstoat

    New Thread modsec rule 942100 not being blocked, status 200

    bloatedstoat, Jun 23, 2017 at 9:49 PM, in forum: Security
    Replies:
    2
    Views:
    24
    bloatedstoat
    Jun 24, 2017 at 2:58 AM
  2. crazyaboutlinux

    Allow country for specific website from blocked country

    crazyaboutlinux, Jun 9, 2017, in forum: Security
    Replies:
    1
    Views:
    56
    cPanelMichael
    Jun 13, 2017
  3. mosalah

    Blocked using Barracuda Reputation message

    mosalah, May 24, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    88
    Infopro
    May 24, 2017
  4. SuperBaby

    Hosting account not blocked after exceeding file size quota

    SuperBaby, May 20, 2017, in forum: General Discussion
    Replies:
    5
    Views:
    82
    cPanelMichael
    May 22, 2017
  5. MichaelCropper

    cPHulk - Email Individual cPanel Account When Attacks are Blocked?

    MichaelCropper, May 1, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    102
    cPanelMichael
    May 2, 2017

Share This Page