IP Address Constantly Getting Blocked

ramorse

I have 2 cPanel servers. One is constantly blocking my IP address. I have my WiFi IP whitelisted. But if, for any reason, like a recent power outage, the router gets rebooted and it gets assigned a new IP, that one gets blocked and I have to have someone in another network log in and whitelist that one. This gets really irritating when I am out of the office and my phone's Verizon IP gets blocked. It happens even before I can whitelist it. I log in to the server and before I get to the firewall page I'm blocked.

I do not have this problem with the other server. They are both using the same (ConfigServer). But this one is the one where I have my own domain email, so it's maddening.

Is there some kind of setting that can be changed to only block IPs that have x number of failed logins? That's normal. I guess I could ask on the ConfigServer forum as well, but thought I'd start here.
 

quietFinn

> I do not have this problem with the other server. They are both using the same (ConfigServer). But this one is the one where I have my own domain email, so it's maddening.
>
> Is there some kind of setting that can be changed to only block IPs that have x number of failed logins? That's normal. I guess I could ask on the ConfigServer forum as well, but thought I'd start here.

In CSF -> csf-Configserver Firewall -> Firewall configuration, look under "Login Failure Blocking and Alerts". There you can set how many login failures trigger the block, and for how long the block lasts.

I also suggest you look in CSF -> Server Information -> Search System Logs, search for the IP that was blocked and you will see why it was blocked.
 

cPanelLauren

@quietFinn is correct. It sounds like something is attempting to connect to that server with the incorrect credentials along with your logins. Checking the logs might reveal more information in that situation.
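
The log check suggested in the replies above, as an added example that is not part of the thread: a shell function that tallies, for one IP, which lfd trigger caused each block. The sample lines are constructed and assume the usual lfd.log layout, where a block line ends with the trigger name in brackets; `sample_log` and `block_reasons` are hypothetical names.

```shell
#!/bin/sh
# Added example: tally which lfd trigger blocked a given IP.
# Assumption: block lines look like the constructed sample below, i.e.
# "... from <ip> (...): N in the last S secs - *Blocked in csf* ... [LF_XXX]".

# Constructed sample lines (documentation IP ranges), not real log data.
sample_log() {
cat <<'EOF'
Mar  3 09:14:02 host lfd[2211]: (imapd) Failed IMAP login from 203.0.113.7 (US/United States/-): 10 in the last 3600 secs - *Blocked in csf* for 3600 secs [LF_IMAPD]
Mar  3 11:40:19 host lfd[2211]: (smtpauth) Failed SMTP AUTH login from 203.0.113.7 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* for 3600 secs [LF_SMTPAUTH]
Mar  3 12:02:51 host lfd[2211]: (sshd) Failed SSH login from 203.0.113.70 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Mar  4 08:55:33 host lfd[2211]: (imapd) Failed IMAP login from 203.0.113.7 (US/United States/-): 10 in the last 3600 secs - *Blocked in csf* for 3600 secs [LF_IMAPD]
EOF
}

# Usage: block_reasons IP < /var/log/lfd.log
# Prints one "TRIGGER=count" line per trigger that blocked IP.
block_reasons() {
    # The trailing space in the pattern keeps 203.0.113.7 from
    # also matching 203.0.113.70.
    grep -F -- "from $1 " |
        grep -F 'Blocked in csf' |
        sed -n 's/.*\[\(LF_[A-Z0-9_]*\)][[:space:]]*$/\1/p' |
        sort | uniq -c |
        awk '{ print $2 "=" $1 }'
}

# Demo on the constructed sample: mail logins, not SSH or cPanel,
# account for every block of this address.
sample_log | block_reasons 203.0.113.7
```

A result dominated by mail triggers points at a mail client retrying stale credentials from the same address; the bracketed trigger names the failure category to review under "Login Failure Blocking and Alerts".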