ConfigServer Community Forum

I have 2 cpanel servers. One is constantly blocking my IP address. I have my WiFi IP whitelisted. But, if for any reason, like a recent power outage, the router gets rebooted and it gets assigned a new IP, that one gets blocked and I have to have someone in another network login and white list that one. This gets really irritating when I am out of the office and my Phone's Verizon IP gets blocked. It happens even before I can whitelist it. I login to the server and before I get to the firewall page I'm blocked.

I do not have this problem with the other server. They are both using CSF.. But this one is one where I have my own domain email so it's maddening.

Is there some kind of setting that can be changed to only block IPs that have x number of failed logins? That's normal.

Thanks.

Does the reason for the block not show up in the syslog?

You can see the most recent dropped packets with:
Or if you want a longer list:
Edit: Actually this one will be more useful for you:

Hiya!

If you search /var/log/lfd.log for your IP address, for example using
It will provide the reasons why LFD is blocking your IP with CSF, so that you can then look at the rules which are triggering.

For example, if I were to search my IP and the following appeared:
Which would make me look at the LF_CPANEL rule and potentially increase it to a higher amount by changing LF_CPANEL to a number higher than 1 in the configuration.

Edit: If it's set to 1, any failure would trigger a block, where as I have it set to 5 so that people get a few chances.

You can also check failed logins in /var/local/cpanel/login_log

Hopefully this helps you out

Kind regards,
Jess