Various Reasons for IP Address Block in CSF

Posted on December 6th, 2018


If you get an access denied error when logging in to your cPanel account, do not keep retrying the login. If you are using the wrong login credentials and have already tried 10 or 20 times in 5 minutes, your public IP address will by then be blocked in the CSF firewall. Before logging in to your cPanel account, make sure that the login credentials are correct and valid and that they exactly match the ones in the Welcome Email Guide that was sent to the email account registered with the hosting package.


Block due to failed POP3/IMAP login attempts

If your email client shows IMAP/POP3 failed-authentication error windows, the login credentials you are currently using for the email account are most probably outdated or incorrect. In this case too, your IP will end up blocked in CSF, because the email client does not stop trying to access the mail server with the wrong credentials.


Block due to failed SMTP login attempts

Another cause is invalid SMTP authentication, which leaves you unable to send email from the email client. Take care with the SMTP login credentials: make sure that you are using the full email address and the correct password.


Incorrect email client settings

In some cases, incorrect email client settings also cause an IP block.

Failed FTP/SSH login

If you access the server over FTP with an FTP client, make sure that the client is using the correct login details. Using an incorrect port number to log in will also get your IP blocked in the firewall.

Failed web page login

In some cases a website asks for authentication because it has some type of protected directory. Make sure you use the correct login details in the authentication box; otherwise there is a chance that your IP gets blocked.


Edit CSF Configuration

1) SSH to the server.

2) Open the file csf.conf.

# vi /etc/csf/csf.conf


3) Check the following parameters in the csf.conf file you have opened:

LT_POP3D = "value"

Replace value with a number: if the number of failed POP3 login attempts per hour per account per IP address is greater than that number, the IP gets blocked. Set the value to zero to disable the option. Keep in mind that the IP is blocked temporarily and is automatically unblocked after an hour.

LT_IMAPD = "value"

CSF compares the number of IMAP login failures with the LT_IMAPD value, and if the failure count is greater than the value the IP is blocked. Using a high number is recommended rather than zero (0 = option disabled). This is a temporary block: after an hour the IP is unblocked.


LF_SSHD = "value"
LF_SSHD_PERM = "value"

These options enable CSF to detect login failures for sshd connections to the server.


LF_FTPD = "value"
LF_FTPD_PERM = "value"

This option checks login failures of FTP connections: the value is compared with the login failure count, and if the failure count is greater the corresponding IP is blocked.


LF_SMTPAUTH = "value"

This parameter checks login failures of SMTP AUTH connections; if the failure count gets higher than the value set, the IP is blocked.


LF_POP3D = "value"
LF_POP3D_PERM = "value"

This option checks login failures of POP3 connections to the server.


LF_IMAPD = "value"
LF_IMAPD_PERM = "value"

With this option enabled, CSF checks login failures of IMAP connections to the server.


4) Restart CSF so that the changes take effect server-wide.

Run the following command to restart CSF:

 # csf -r
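
To review the triggers listed in step 3 without opening the file in an editor, the following added example (not part of the original article or of CSF itself) prints each one with its current value and whether it is disabled. The function names csf_get and csf_audit and the sample file contents are made up for illustration, and the script assumes every setting is written as NAME = "value" with straight quotes.

```shell
#!/bin/sh
# Added example: report the CSF triggers discussed in this article.
# Assumption: settings are written as  NAME = "value"  with straight quotes.

# Print the value of setting $1 from config file $2 (empty if absent).
# The "=" must follow the name, so LF_POP3D does not match LF_POP3D_PERM,
# and commented-out lines are ignored. If a name appears more than once,
# this example reports the last occurrence (a choice made here).
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" |
        tail -n 1
}

# Print one line per trigger: name, value, status.
csf_audit() {
    for key in LT_POP3D LT_IMAPD LF_SSHD LF_FTPD LF_SMTPAUTH LF_POP3D LF_IMAPD; do
        val=$(csf_get "$key" "$1")
        case $val in
            "")       status="not set" ;;
            0)        status="disabled" ;;
            *[!0-9]*) status="invalid value" ;;
            *)        status="enabled" ;;
        esac
        printf '%-12s %-6s %s\n' "$key" "${val:--}" "$status"
    done
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
LF_SSHD = "5"
LF_SSHD_PERM = "1"
LF_FTPD = "10"
LF_SMTPAUTH = "0"
LF_POP3D = "10"
LF_POP3D_PERM = "1"
# LF_IMAPD = "3"
LT_POP3D = "60"
LT_IMAPD = "0"
EOF

# Audit the file given as first argument, or the sample if none is given.
csf_audit "${1:-$sample}"
```

On the server, pass /etc/csf/csf.conf as the first argument to audit the live file; the script only reads it.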

