The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CT_Limit, IP blocked for too many connections

Discussion in 'Security' started by keat63, Aug 24, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    In CSF, i have CT_Limit configured for 400 connections.
    However, i get the occasional false positive, resulting in customers being blocked in CSF for an hour.

    Any ideas why a browser would use so many connections ?

    I understand that this is to protect against DDOS attacks.
    How many connections would normally be considered a DDOS attack ?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    That thread does'nt really say much, other than people having the same problem with no solution.
    I've disabled the feature for the time being until i can figure out why it does this.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you get an email alert about the block? What did the email tell you?
     
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I can't remeber now, as it's been about two weeks since i disabled the feature.
    Other than I recall it was a UK IP address and it had more than 400 html connections to the server.
    I've seen it a few times and always dismissed it, only this time it was followed by a customer saying that they connect to my site, but after about 5 minutes the site goes down.
    Of course the site didn't go down, CSF blocked them.

    I'd like to reinstate the feature and maybe just increase the number of open connections before a block is triggered, but i've no clue as to how many connections would be considered acceptable.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I use a smaller setting than what you had yours set to, if that helps. I'd leave it enabled and watch for issues a bit closer when the email comes in next time. There's a reason for it no doubt.

    A long time ago I was hosting a support forum for (a separate site) homeworkers co. that were instructed (to access the work site, not on my server) to disable browser cache, and to use IE6 only. Users were getting blocked all the time when visiting the forum due to my security no matter what I did to try and resolve it (short of giving up security). We optimized the number of images in style and other related items to try sort it for example.

    I didn't know about the browser requirements for the job site until weeks after many complaints about being blocked. No one thought to mention it to me. In the end they moved and life went back to normal.

    Not your issue of course, but if its just one or two users getting blocked, there's probably a good reason for it.

    I like to think of a valid end user getting blocked as a learning experience, for them. It can be annoying sure, but once they learn not to get blocked, they won't forget. ;)
     
Loading...

Share This Page