Skip to main content

Block IP addresses at the firewall level - Safe to uncheck?

glauco
Ok, I know you should never do anything to compromise security. My problem is, the more clients I sign up to my VPs, the more time I seem to waste unblocking morons who can't follow the simple instructions I send them for setting up email accounts, or decide to use their phone's auto-setup (which never works) and get themselves locked out. Whitelisting IPs isn't a viable option, all my clients are UK based and most (if not all) internet providers here assign dynamic IPs that get refreshed on a daily basis. I am really, really tempted to uncheck "Block IP addresses at the firewall level if they trigger brute force protection" in the cPHulk configuration, so at least when I send clients their email settings I can say "if you mess it up, you'll get locked out for a few minutes, check your settings and try again later, until you get it right" instead of having to manually unblock them every time. My question is: how risky is this policy? Realistically, is my server still safe if genuinely malicious IPs only get locked for a limited time rather than permanently, or is this setting really necessary for complete safety? Obviously I don't want any disasters, but I would love to spend less time dealing with stupid enquiries. Thanks!

Comments

3 comments

Date Votes
  • cPanelMichael
    My question is: how risky is this policy? Realistically, is my server still safe if genuinely malicious IPs only get locked for a limited time rather than permanently, or is this setting really necessary for complete safety? Obviously I don't want any disasters, but I would love to spend less time dealing with stupid enquiries.

    Hello :) Are you utilizing CSF to help block brute force attacks? If so, it's unlikely you are sacrificing very much security when disabling this option in cPhulkd, as CSF should pick up the attacks. Thank you.
    0
  • glauco
    Yes CSF is installed though I've not done any configuration on it. The "check server security" button highlights a lot of options I need to check. As long as I configure CSF properly, I can go ahead and disable that option?
    0
  • cPanelMichael
    Yes, the option to block IP addresses in cPHulk is not required, so you can disable it if you prefer to use CSF to prevent these types of attacks. Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post