Disabling firewall IP blocking on POP3/SMTP/webmail login failures
We currently use Configserver CSF firewall and have lots of problems with customers that end with their IP banned when they type make a mistake typing in their passwords, so I was wondering how can we disable this feature, leaving it enabled for SSH and FTP login failures.
-
Read the documentation in /etc/csf/csf.conf There are different LF_ settings for different login types. I have to advise you against disabling this completely due to a high risk for spam and brute force attacks. However if you want to allow extra login attempts for pop3 for example you could set this to a higher number: LF_POP3D = "10" Raising that to say 25 should allow customers more login attempts while still blocking bad bots. You can also set temporary blocks instead of permanent by setting the _PERM settings like this: LF_POP3D_PERM = "1" The setting "1" is a permanent block. Setting a higher number like "300" would be a 5 minute block of the IP (300 seconds = 5 minutes). If you change these settings you must fully restart CSF and LDF (just running csf -r will not do this) either restart both services via WHM or run this from command line: csf -x ; csf -e ensure CSF/LFD enable properly after any changes. 0 -
Hello :) In addition to the previous response, you may also want to verify if cPHulk is enabled if you have not already done so. cPHulk can also lock out accounts after failed login attempts. Thank you. 0
Please sign in to leave a comment.
Comments
2 comments