The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IP blocked time

Discussion in 'General Discussion' started by atlantis21, Mar 5, 2013.

  1. atlantis21

    atlantis21 Well-Known Member

    Joined:
    Sep 18, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I found in WHM firewall this:

    Temporary Blocks: IP:xxx.xxx.xxx.xxx Port: Dir:inout TTL:14400 (lfd - (cpanel)
    Failed cPanel login from xxx.xxx.xxx.xxx (RS/Serbia/ptxxxxx203-139.ptx.xs): 5 in the last 300 secs)
    ..Done.


    Ok, it says 300sec.
    Is 300 sec is waiting period for auto unlocking or 300 sec is period of time when failures has been?
    If not, how I can know when ip address auto unblock in minutes? :confused:
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    That comes from ConfigServer Firewall (CSF+LFD), and it is not part of cPanel/WHM.
    You really should ask questions regarding CSF+LFD in their support forum:
    ConfigServer Scripts Community Forum • Index page

    "5 in the last 300 secs" means that there was 5 failed logins in 300 seconds from that IP, and it will be blocked for 14400 seconds (4 hours).
     
  3. atlantis21

    atlantis21 Well-Known Member

    Joined:
    Sep 18, 2012
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    No replay in "ConfigServer Scripts Community Forum".

    Can anybody help me in this forum?

    how I can know when ip address auto unblock in minutes?
    how and where to set and change this settings?
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    In CSF configuration you have:
    LF_CPANEL = 5

    That means that if there are 5 login failures in LF_INTERVAL seconds the IP will be blocked.

    You have:
    LF_INTERVAL = 300

    If LF_CPANEL_PERM = 1 then the IP is blocked permanently,
    if LF_CPANEL_PERM > 1 then the IP is blocked for fo LF_CPANEL_PERM seconds.
     
  5. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    What does this mean

    If LF_CPANEL_PERM = 1 then the IP is blocked permanently,

    LF_CPANEL_PERM = Default: 1 [0-604800] what if give different number from default 1 to 10 ??

    Regards,
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You really would benefit a great deal by reading the actual comments in the Firewall configuration settings. Find this area:
    Login Failure Blocking and Alerts

     
  7. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Thank you infopro
     
Loading...

Share This Page