Modify IP Block Checking Time Interval in CSF

Posted on December 6th, 2018

 

When you were not able to log into cPanel for the first time, please do not try to do it as many times as possible. It will lead to IP block if you are trying to login with the wrong login details continuously say 20 times in 5 minutes’ time. To avoid this, you have to make sure that the login details you are using are the exact one in the Welcome Email Guide that was sent to the email account you have used for sign up.

 

Reasons to Block IP Address
Block due to failed POP3/IMAP login attempts
If you start receiving errors/pop-up windows related to IMAP/POP3 failed authentication in your email client, then the chance was high for the login credentials are incorrect or are become outdated. So most probably the email client will try to access the mail server again and again and will cause the result as the permanent IP block eventually.

Block due to failed SMTP login attempts
This kind of block occurs when SMTP authentication details get wrong or they are incorrect and you can’t send emails from the email client. So you have to make sure that SMTP login credentials are correct and valid.

Incorrect email client settings
The email client settings may also cause an IP block

Failed FTP/SSH login
Make sure your FTP client is using correct login details and appropriate settings.  Also if you are using incorrect port number to log in then also your IP get blocked in the firewall.

Failed web page login
There is another possibility for the block that occurs when if there is some kind of authentication form or protected file on the website and if it requires some login details! It is your responsibility that you have to make sure to use correct and valid login credentials.

 

Reset the IP Block Time Interval

1) SSH to the server

2) Open the CSF configuration file ” csf.conf ” in any one of the text editor’s

# vi /etc/csf/csf.conf

3) Change the following values (in seconds)

LF_INTERVAL = 300

Edit and change the above value will change the time interval for the number of failed login attempt from an IP address to the server.

CT_INTERVAL = “90”

Edit and change the above value will change the time interval of the total number of connections from an IP address to the server.

CT_BLOCK_TIME = “1800”

Edit to change the above value to change the IP address block time interval, for that time the IP will be remain blocked.

4) Perform a CSF daemon restart to come in effect the changes have done. Run the below command to restart the CSF.

 # csf -r

 

If you need any further help, please do reach our support department.

 

 

Leave a Reply