cPanel IP block – How to resolve and prevent IP blocks in cPanel/WHM servers
Web hosts can never shun server security! Majority of them have setup firewalls such as CSF/LFD to protect their cPanel servers by blocking IP addresses of attackers or malicious users.
But we’ve seen many cases where these firewall settings are not proper, blocking even valid users who try to access their websites. Users then approach web hosts, complaining about site unavailability.
cPanel IP block issues are common in shared hosting servers and cPanel VPSs. At Bobcares, our engineers resolve numerous IP block issues in their role as Hosting support specialists for web hosting companies.
Today, let’s take a look at how these IP block issues happen and how we prevent valid IPs from getting blocked.
Pros and cons of cPanel IP blocks
IP blocks help to ban undesired connections to the server from an IP or location or a network. By limiting the number of connections and restricting the IP addresses, they offer a security protection to servers.
The default settings of the cPanel CSF/LFD firewall is to allow only a limited number of connection attempts to the services. This would suit only those average website users who possess a few email accounts and have less frequent site updates.
While automated IP block software such as firewalls provide predictable and consistent server protection, they lack judgement, adaptability and logic. If the firewall rules are set too tight, valid users may also be affected and can find it difficult to access their sites.
- Users who violate mod-security rules unknowingly or exceed the limit of allowed connections requests occasionally for site updates, may be blocked by the firewall.
- Many of these IP blocks in shared servers are also caused by incorrect logins, users saving old passwords in their applications or over-zealous web application firewall settings.
Firewalls that block valid access to the servers are often a nuisance to web hosts. Customers tend to leave over IP blocks, prompting many web hosts to even disable the firewalls.
But we strictly advise against disabling firewalls, as that would render the servers vulnerable to attacks. With our expert intervention, we’ve been able to provide seamless access to users, without disabling the firewall protection for servers.
In our hosting support services, we audit all firewall logs once a week to make sure valid requests are not blocked. Whenever we observe a change in the server traffic pattern, we update the firewall rules to avoid blocking valid customers.
Here’s an overview of how unwanted cPanel IP block issues are investigated, resolved and prevented in our support services.
[ Customers complaining about IP block issues? Get assistance from our 24/7 hosting support team to resolve all server issues. ]
IP block issues – causes and symptoms
When a valid user IP is blocked, that website owner gets a “Connection timed out” error for Mail, Web, FTP or Control Panel services, while others may be able to access those services fine.
This usually happens in the following situations:
- The web owner’s mail client has a very low “mail check interval”, causing multiple connection attempts to the mail server, especially if many users are accessing mail through a common connection.
- The web owner using an old or wrong password in mail, web, FTP or cPanel services interface multiple times, leading the firewall to think it is a brute force attack.
- The web owner has an FTP client set with very high number of simultaneous connections, causing the firewall to treat the connection attempts as a denial of service attack.
- A website or application update or a page access request gets interpreted as a hack attempt by the web application firewall such as mod_security.
While one or two IP block issues per month is normal for a shared server, if too many customers report the issue, then we conclude that the firewall settings are too tight for seamless customer access.