Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CT_Limit, IP blocked for too many connections

Discussion in 'Security' started by keat63, Aug 24, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    992
    Likes Received:
    41
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    In CSF, i have CT_Limit configured for 400 connections.
    However, i get the occasional false positive, resulting in customers being blocked in CSF for an hour.

    Any ideas why a browser would use so many connections ?

    I understand that this is to protect against DDOS attacks.
    How many connections would normally be considered a DDOS attack ?
     
    #1 keat63, Aug 24, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,943
    Likes Received:
    1,819
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Aug 31, 2015
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    992
    Likes Received:
    41
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    That thread does'nt really say much, other than people having the same problem with no solution.
    I've disabled the feature for the time being until i can figure out why it does this.
     
    #3 keat63, Sep 4, 2015
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,242
    Likes Received:
    385
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you get an email alert about the block? What did the email tell you?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Sep 4, 2015
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    992
    Likes Received:
    41
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I can't remeber now, as it's been about two weeks since i disabled the feature.
    Other than I recall it was a UK IP address and it had more than 400 html connections to the server.
    I've seen it a few times and always dismissed it, only this time it was followed by a customer saying that they connect to my site, but after about 5 minutes the site goes down.
    Of course the site didn't go down, CSF blocked them.

    I'd like to reinstate the feature and maybe just increase the number of open connections before a block is triggered, but i've no clue as to how many connections would be considered acceptable.
     
    #5 keat63, Sep 4, 2015
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,242
    Likes Received:
    385
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I use a smaller setting than what you had yours set to, if that helps. I'd leave it enabled and watch for issues a bit closer when the email comes in next time. There's a reason for it no doubt.

    A long time ago I was hosting a support forum for (a separate site) homeworkers co. that were instructed (to access the work site, not on my server) to disable browser cache, and to use IE6 only. Users were getting blocked all the time when visiting the forum due to my security no matter what I did to try and resolve it (short of giving up security). We optimized the number of images in style and other related items to try sort it for example.

    I didn't know about the browser requirements for the job site until weeks after many complaints about being blocked. No one thought to mention it to me. In the end they moved and life went back to normal.

    Not your issue of course, but if its just one or two users getting blocked, there's probably a good reason for it.

    I like to think of a valid end user getting blocked as a learning experience, for them. It can be annoying sure, but once they learn not to get blocked, they won't forget. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Infopro, Sep 4, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - CT_Limit blocked many
  1. carolainn

    Update is blocked because RPM database is unstable

    carolainn, Jul 13, 2018 at 9:41 AM, in forum: Database Discussion
    Replies:
    1
    Views:
    42
    cPanelLauren
    Jul 13, 2018 at 9:49 AM
  2. Matic

    Blocked access to images and css, js scripts

    Matic, Jul 3, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    62
    cPanelLauren
    Jul 4, 2018
  3. MihaSCO

    Blocked root

    MihaSCO, Jun 28, 2018, in forum: Security
    Replies:
    1
    Views:
    62
    cPanelLauren
    Jun 28, 2018
  4. Samet Chan

    The last attempt to update cPanel & WHM was blocked.

    Samet Chan, Jun 26, 2018, in forum: General Discussion
    Replies:
    6
    Views:
    141
    cPanelMichael
    Jun 29, 2018
  5. 1968gtcs

    User being blocked because of repeated email login attempts

    1968gtcs, Jun 18, 2018, in forum: E-mail Discussion
    Replies:
    6
    Views:
    141
    cPanelLauren
    Jun 20, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice