Had a weird issue where a certain address was unable to access the cpanel server, but it was intermittent with it working some times, but failing at other times.<\/p>\n\n\n\n
Ended up being the firewall on the WHM server blocking that particular IP address due to failed log in attempts.<\/p>\n\n\n\n
Check the status of LFD (Login Failure Daemon)<\/p>\n\n\n\n
systemctl status lfd<\/pre>\n\n\n\nHow do I know which IP’s are being blocked?<\/h2>\n\n\n\n
Check the logs, dmesg or tail \/var\/log\/messages<\/p>\n\n\n\n
[1122639.674605] Firewall: UDP_IN Blocked<\/em> IN=eth0 OUT= MAC=8e:23:f5:16:a6:b1:cc:51:54:6a:2e:ea:14:00 SRC=72.211.105.113 DST=192.168.1.12 LEN=64 TOS=0x00 PREC=0x00 TTL=246 ID=40014 PROTO=UDP SPT=9307 DPT=161 LEN=44\n[1122646.728510] Firewall: TCP_IN Blocked<\/em> IN=eth0 OUT= MAC=8e:23:f5:16:a6:b1:cc:51:54:6a:2e:ea:14:00 SRC=198.199.98.83 DST=192.168.1.12 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57522 DPT=15672 WINDOW=65535 RES=0x00 SYN URGP=0<\/pre>\n\n\n\nCSF keeps a file with addresses to deny in “\/etc\/csf\/csf.deny” Also nice that if gives you a little bit of info on why it was blocked.<\/p>\n\n\n\n
# grep -r \"192.168.1.21\" \/etc\/csf\/csf.deny\n192.168.1.21 # lfd: (pop3d) Failed POP3 login from 192.168.1.21 (US\/United States\/-): 10 in the last 3600 secs - Tue Jun 20 11:36:15 2020<\/pre>\n\n\n\nYou can also dump all of the rule in iptables with<\/p>\n\n\n\n
iptables --list | egrep \"192.168.1.21\"<\/pre>\n\n\n\nChange 192.168.1.21 with the IP you are looking for<\/p>\n\n\n\n
Whitelist IP Addresses<\/h2>\n\n\n\n
Open up \/etc\/csf\/csf.allow with a text editor and add the IP to the bottom of the file.<\/p>\n\n\n\n
or add the IP address to the end of the file with the following command. Replace 192.168.1.21 with the IP address you want to whitelist.<\/p>\n\n\n\n
echo \"192.168.1.21\" >> \/etc\/csf\/csf.allow<\/pre>\n\n\n\nYou can also do all of this from the WHM web interface “Plugins -> ConfigServer Security & Firewall”<\/p>\n\n\n\n
Further reading<\/p>\n\n\n\n
https:\/\/documentation.cpanel.net\/display\/CKB\/How+to+Configure+Your+Firewall+for+cPanel+Services<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Had a weird issue where a certain address was unable to access the cpanel server, but it was intermittent with it working some times, but failing at other times. Ended up being the firewall on the WHM server blocking that … Continue reading