Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Disabling firewall IP blocking on POP3/SMTP/webmail login failures

Discussion in 'Security' started by albatroz, Sep 23, 2015.

  1. albatroz

    albatroz Well-Known Member

    Mar 6, 2003
    Likes Received:
    Trophy Points:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    We currently use Configserver CSF firewall and have lots of problems with customers that end with their IP banned when they type make a mistake typing in their passwords, so I was wondering how can we disable this feature, leaving it enabled for SSH and FTP login failures.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. quizknows

    quizknows Well-Known Member

    Oct 20, 2009
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    DataCenter Provider
    Read the documentation in /etc/csf/csf.conf

    There are different LF_ settings for different login types.

    I have to advise you against disabling this completely due to a high risk for spam and brute force attacks. However if you want to allow extra login attempts for pop3 for example you could set this to a higher number:

    LF_POP3D = "10"

    Raising that to say 25 should allow customers more login attempts while still blocking bad bots. You can also set temporary blocks instead of permanent by setting the _PERM settings like this:

    LF_POP3D_PERM = "1"

    The setting "1" is a permanent block. Setting a higher number like "300" would be a 5 minute block of the IP (300 seconds = 5 minutes).

    If you change these settings you must fully restart CSF and LDF (just running csf -r will not do this) either restart both services via WHM or run this from command line:

    csf -x ; csf -e

    ensure CSF/LFD enable properly after any changes.
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    In addition to the previous response, you may also want to verify if cPHulk is enabled if you have not already done so. cPHulk can also lock out accounts after failed login attempts.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice