atlantis21

Well-Known Member
Sep 18, 2012
49
0
6
cPanel Access Level
Root Administrator
I found in WHM firewall this:

Temporary Blocks: IP:xxx.xxx.xxx.xxx Port: Dir:inout TTL:14400 (lfd - (cpanel)
Failed cPanel login from xxx.xxx.xxx.xxx (RS/Serbia/ptxxxxx203-139.ptx.xs): 5 in the last 300 secs)
..Done.


Ok, it says 300sec.
Is 300 sec is waiting period for auto unlocking or 300 sec is period of time when failures has been?
If not, how I can know when ip address auto unblock in minutes? :confused:
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
That comes from ConfigServer Firewall (CSF+LFD), and it is not part of cPanel/WHM.
You really should ask questions regarding CSF+LFD in their support forum:
ConfigServer Scripts Community Forum • Index page

"5 in the last 300 secs" means that there was 5 failed logins in 300 seconds from that IP, and it will be blocked for 14400 seconds (4 hours).
 

atlantis21

Well-Known Member
Sep 18, 2012
49
0
6
cPanel Access Level
Root Administrator
No replay in "ConfigServer Scripts Community Forum".

Can anybody help me in this forum?

how I can know when ip address auto unblock in minutes?
how and where to set and change this settings?
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
In CSF configuration you have:
LF_CPANEL = 5

That means that if there are 5 login failures in LF_INTERVAL seconds the IP will be blocked.

You have:
LF_INTERVAL = 300

If LF_CPANEL_PERM = 1 then the IP is blocked permanently,
if LF_CPANEL_PERM > 1 then the IP is blocked for fo LF_CPANEL_PERM seconds.
 

crazyaboutlinux

Well-Known Member
Nov 3, 2007
939
1
66
What does this mean

If LF_CPANEL_PERM = 1 then the IP is blocked permanently,

LF_CPANEL_PERM = Default: 1 [0-604800] what if give different number from default 1 to 10 ??

Regards,
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
What does this mean

If LF_CPANEL_PERM = 1 then the IP is blocked permanently,

LF_CPANEL_PERM = Default: 1 [0-604800] what if give different number from default 1 to 10 ??

Regards,
You really would benefit a great deal by reading the actual comments in the Firewall configuration settings. Find this area:
Login Failure Blocking and Alerts

The following[*] triggers are application specific. If you set LF_TRIGGER to
"0" the value of each trigger is the number of failures against that
application that will trigger lfd to block the IP address

If you set LF_TRIGGER to a value greater than "0" then the following[*]
application triggers are simply on or off ("0" or "1") and the value of
LF_TRIGGER is the total cumulative number of failures that will trigger lfd
to block the IP address

Setting the application trigger to "0" disables it