Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CT_Limit, IP blocked for too many connections

Discussion in 'Security' started by keat63, Aug 24, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,030
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    In CSF, i have CT_Limit configured for 400 connections.
    However, i get the occasional false positive, resulting in customers being blocked in CSF for an hour.

    Any ideas why a browser would use so many connections ?

    I understand that this is to protect against DDOS attacks.
    How many connections would normally be considered a DDOS attack ?
     
    #1 keat63, Aug 24, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,175
    Likes Received:
    1,934
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Aug 31, 2015
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,030
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    That thread does'nt really say much, other than people having the same problem with no solution.
    I've disabled the feature for the time being until i can figure out why it does this.
     
    #3 keat63, Sep 4, 2015
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,513
    Likes Received:
    425
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you get an email alert about the block? What did the email tell you?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Infopro, Sep 4, 2015
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,030
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I can't remeber now, as it's been about two weeks since i disabled the feature.
    Other than I recall it was a UK IP address and it had more than 400 html connections to the server.
    I've seen it a few times and always dismissed it, only this time it was followed by a customer saying that they connect to my site, but after about 5 minutes the site goes down.
    Of course the site didn't go down, CSF blocked them.

    I'd like to reinstate the feature and maybe just increase the number of open connections before a block is triggered, but i've no clue as to how many connections would be considered acceptable.
     
    #5 keat63, Sep 4, 2015
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,513
    Likes Received:
    425
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I use a smaller setting than what you had yours set to, if that helps. I'd leave it enabled and watch for issues a bit closer when the email comes in next time. There's a reason for it no doubt.

    A long time ago I was hosting a support forum for (a separate site) homeworkers co. that were instructed (to access the work site, not on my server) to disable browser cache, and to use IE6 only. Users were getting blocked all the time when visiting the forum due to my security no matter what I did to try and resolve it (short of giving up security). We optimized the number of images in style and other related items to try sort it for example.

    I didn't know about the browser requirements for the job site until weeks after many complaints about being blocked. No one thought to mention it to me. In the end they moved and life went back to normal.

    Not your issue of course, but if its just one or two users getting blocked, there's probably a good reason for it.

    I like to think of a valid end user getting blocked as a learning experience, for them. It can be annoying sure, but once they learn not to get blocked, they won't forget. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 Infopro, Sep 4, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - CT_Limit blocked many
  1. PSON

    FTP: Response: Your connection to this server has been blocked in this server's firewall.

    PSON, Nov 2, 2018, in forum: Security
    Replies:
    1
    Views:
    60
    cPanelMichael
    Nov 2, 2018
  2. markhubert

    IP being blocked in firewall - not showing up in lfd.log

    markhubert, Oct 27, 2018, in forum: Security
    Replies:
    7
    Views:
    109
    dalem
    Nov 11, 2018 at 10:14 AM
  3. CanadaGuy

    cPanel User Blocked From API Calls

    CanadaGuy, Sep 29, 2018, in forum: General Discussion
    Replies:
    13
    Views:
    139
    cPanelLauren
    Oct 4, 2018
  4. Shood

    Prevent users from sending emails that gets server IP blocked?

    Shood, Sep 14, 2018, in forum: E-mail Discussion
    Replies:
    8
    Views:
    261
    Shood
    Sep 21, 2018
  5. joaosavioli

    Blocked distributed ftpd attack emails and LFD going down

    joaosavioli, Sep 10, 2018, in forum: Security
    Replies:
    3
    Views:
    197
    joaosavioli
    Sep 20, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice