IP blocked time

A

atlantis21

Well-Known Member
Sep 18, 2012
51
0
56
cPanel Access Level
Root Administrator
I found in WHM firewall this:

Temporary Blocks: IP:xxx.xxx.xxx.xxx Port: Dir:inout TTL:14400 (lfd - (cpanel)
Failed cPanel login from xxx.xxx.xxx.xxx (RS/Serbia/ptxxxxx203-139.ptx.xs): 5 in the last 300 secs)
..Done.

Ok, it says 300sec.
Is 300 sec is waiting period for auto unlocking or 300 sec is period of time when failures has been?
If not, how I can know when ip address auto unblock in minutes? :confused:
 
Q

quietFinn

Well-Known Member
Feb 4, 2006
1,898
465
438
Finland
cPanel Access Level
Root Administrator
That comes from ConfigServer Firewall (CSF+LFD), and it is not part of cPanel/WHM.
You really should ask questions regarding CSF+LFD in their support forum:
ConfigServer Scripts Community Forum • Index page

"5 in the last 300 secs" means that there was 5 failed logins in 300 seconds from that IP, and it will be blocked for 14400 seconds (4 hours).
 
A

atlantis21

Well-Known Member
Sep 18, 2012
51
0
56
cPanel Access Level
Root Administrator
No replay in "ConfigServer Scripts Community Forum".

Can anybody help me in this forum?

how I can know when ip address auto unblock in minutes?
how and where to set and change this settings?
 
Q

quietFinn

Well-Known Member
Feb 4, 2006
1,898
465
438
Finland
cPanel Access Level
Root Administrator
In CSF configuration you have:
LF_CPANEL = 5

That means that if there are 5 login failures in LF_INTERVAL seconds the IP will be blocked.

You have:
LF_INTERVAL = 300

If LF_CPANEL_PERM = 1 then the IP is blocked permanently,
if LF_CPANEL_PERM > 1 then the IP is blocked for fo LF_CPANEL_PERM seconds.
 
C

crazyaboutlinux

Well-Known Member
Nov 3, 2007
939
1
66
What does this mean

If LF_CPANEL_PERM = 1 then the IP is blocked permanently,

LF_CPANEL_PERM = Default: 1 [0-604800] what if give different number from default 1 to 10 ??

Regards,
 
I

Infopro

Well-Known Member
May 20, 2003
17,075
524
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
crazyaboutlinux said:
What does this mean

If LF_CPANEL_PERM = 1 then the IP is blocked permanently,

LF_CPANEL_PERM = Default: 1 [0-604800] what if give different number from default 1 to 10 ??

Regards,
Click to expand...
You really would benefit a great deal by reading the actual comments in the Firewall configuration settings. Find this area:
Login Failure Blocking and Alerts

The following[*] triggers are application specific. If you set LF_TRIGGER to
"0" the value of each trigger is the number of failures against that
application that will trigger lfd to block the IP address

If you set LF_TRIGGER to a value greater than "0" then the following[*]
application triggers are simply on or off ("0" or "1") and the value of
LF_TRIGGER is the total cumulative number of failures that will trigger lfd
to block the IP address

Setting the application trigger to "0" disables it
Click to expand...
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
J IP blocked in firewall won't unblock Security 5
S Apple Mail client constantly blocked for port scanning Security 19
leonep csf does not BAN ip for all rules. some rules just blocked on modsec, other rules ban IP Security 7
V pci scan blocked by IPS? Security 4
P Development Team Keep on Getting Blocked Security 3
Similar threads
IP blocked in firewall won't unblock
Apple Mail client constantly blocked for port scanning
csf does not BAN ip for all rules. some rules just blocked on modsec, other rules ban IP
pci scan blocked by IPS?
Development Team Keep on Getting Blocked
Top Bottom