The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling firewall IP blocking on POP3/SMTP/webmail login failures

Discussion in 'Security' started by albatroz, Sep 23, 2015.

  1. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    We currently use Configserver CSF firewall and have lots of problems with customers that end with their IP banned when they type make a mistake typing in their passwords, so I was wondering how can we disable this feature, leaving it enabled for SSH and FTP login failures.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Read the documentation in /etc/csf/csf.conf

    There are different LF_ settings for different login types.

    I have to advise you against disabling this completely due to a high risk for spam and brute force attacks. However if you want to allow extra login attempts for pop3 for example you could set this to a higher number:

    LF_POP3D = "10"

    Raising that to say 25 should allow customers more login attempts while still blocking bad bots. You can also set temporary blocks instead of permanent by setting the _PERM settings like this:


    LF_POP3D_PERM = "1"

    The setting "1" is a permanent block. Setting a higher number like "300" would be a 5 minute block of the IP (300 seconds = 5 minutes).

    If you change these settings you must fully restart CSF and LDF (just running csf -r will not do this) either restart both services via WHM or run this from command line:

    csf -x ; csf -e

    ensure CSF/LFD enable properly after any changes.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    In addition to the previous response, you may also want to verify if cPHulk is enabled if you have not already done so. cPHulk can also lock out accounts after failed login attempts.

    Thank you.
     
Loading...

Share This Page