The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IP Table CSF Problem

Discussion in 'Security' started by trec-r, Apr 6, 2012.

  1. trec-r

    trec-r Active Member

    Joined:
    Aug 10, 2008
    Messages:
    41
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    The problem started when the client tried to login into their webmail, they entered the password wrong a number of times resulting in CSF blocking their IP address. I found their IP, unblocked it through CSF, then helped them reset their password. Everything should have been fine at that point. However they still can not access their email. I confirmed the IP is not blocked. They have a good connection to the server. Webmail and pop3 indicate invalid username or password. Checking from other locations the username and password are fine. Rebooted server with no change. Disabled CSF and LFD with no change.

    In CSF a search for the IP results in the following. Note 198.168.0.1 is replacing the real ip.

    Chain num pkts bytes target prot opt in out source destination

    LOCALINPUT 1 88 12604 ACCEPT all -- !lo * 198.168.0.1 0.0.0.0/0

    LOCALOUTPUT 1 89 35554 ACCEPT all -- * !lo 0.0.0.0/0 198.168.0.1

    ...Done.

    My server build is as follows:
    WHM 11.32.2 (build 15)
    CENTOS 5.6 i686 virtuozzo
    csf v5.49

    Do I need to edit IP tables? I was hoping to avoid that, which is why I installed CSF and LFD. Let me know if you need any more information.

    Thanks
    Richie
     
  2. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    did you check the cphulk brute force logs for a 2 week ban on that ip?
     
  3. trec-r

    trec-r Active Member

    Joined:
    Aug 10, 2008
    Messages:
    41
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Yes. I removed the ban. Which seems to have fixed part of the problem. They can now log into the webmail. However pop3 access is still blocked. SMTP is working fine though. Any ideas would be greatly appreciated.

    Thanks
    Richie
     
  4. SB-Nick

    SB-Nick Well-Known Member

    Joined:
    Aug 26, 2008
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Hey Richie,

    I would check the /var/log/maillog log in real time while they try to login to your POP3 server and see whats going on, there is a chance that they are typing a wrong password.
     
  5. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    whats the error you are getting when logging into POP3?
     
Loading...

Share This Page