The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IP blocked after 5 failing attempts using webmail

Discussion in 'Security' started by notuo, Jan 10, 2012.

  1. notuo

    notuo Member

    Joined:
    Nov 11, 2003
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Hi.

    I have a reseller account with cpanel in a shared server.

    I just got some new customer that use webmail as their primary mail client. The issue is as they a re in a LAN with the same IP I am getting complains because their IP is blocked. Sometimes they are just logout of their back end system (even they are not using any cpanel feature) and they are not allowed to login again because of this block.

    Is there a way to prevent this? ie. I believe webmail is a different process from cpanel itself even they are attached.

    I agree in the security issue and to block failed attempts to login into cpanel but webmail is for users, not technicians.

    Any idea or comments is appreciated,
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This is either cPhulk or CSF.
    cPhulk settings: WHM > Security Center > cPHulk Brute Force Protection
    CSF Readme on settings: ConfigServer Security & Firewall

    You could whitelist the IP if you feel its safe to, but I wouldn't suggest that. Instead, explain to the user why he's being blocked and ask him to be more careful going forward when logging in.

    You can find out how the user is getting blocked by reviewing your logs. If you don't have access to those logs as a Reseller, you'll need to speak with your Host.

    HTH!
     
  3. notuo

    notuo Member

    Joined:
    Nov 11, 2003
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for your answer. That is what I am doing now. The issue is: Many customers in the same shared IP accessing their webmail. You cannot guaranteed all of them type correctly.

    The real thing is (from my point of view) why webmail is in the same status than real cpanel access. I can understand enter webmail using the account name, but what about a simple user accessing his/her mail account (not the account one).
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Getting blocked accessing via a mail client like Outlook for example?
     
  5. notuo

    notuo Member

    Joined:
    Nov 11, 2003
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    They don't use any mail client, just webmail. After the block (I am still not sure how is this happening) she cannot enter any part of their website, not only cpanel nor webmail.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    A failed login to any part of the system is a failed login. Do you have root access to this server? If no, you need to speak with your Host. They can check the log and explain how the user(s) is being blocked.
     
  7. notuo

    notuo Member

    Joined:
    Nov 11, 2003
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Thanks again. I did this several times and they told me 5 attempts failed-> blocked IP:

    They also believed was a direct cpanel access not webmail.

    My last question: Is there another way I can access horde webmail in order to prevent this to happen?

    Thanks in advance and I'm sorry to push this too much.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This was a failed cPanel login, not Webmail as the error shows us. No one should be logging into cPanel accept the account owner. Security is working as expected I would think.

    You cannot access Webmail directly in your browser, authentication goes thru cPanel first.

    While your Host's suggestion is brief, it really is the best answer. In my experience when a user is temporarily banned for not watching what they type in closely, they learn to watch closer next time.
     
Loading...

Share This Page