cPanel Blocking Xfinity IP Address?
Hi,
Not sure if this is even possible. We have a customer who was send/receiving emails just fine last night. They are on a home network with Xfinity. Today the customer was unable to send/receive emails. I was able to remote into their PC and verify their Outlook settings. I tried browsing to WebMail but that failed. I tried pinging the server and that failed. It worked fine from their cell phone using DATA but on Wifi it failed. We rebooted their Xfinity wifi router/modem but that didn't help.
Is it possible for cPanel to block/blacklist an IP Address out of the blue? I'm assuming this is probably an Xfinity issue but thought I'd ask while I'm in the middle of troubleshooting this issue for the customer.
Thank you.
-
Hey there! Sure, that's completely possible. If the server is running the CSF/LFD firewall that would be the first place to look. There is also cPHulk Brute Force Protection, as that will block an IP due to too many failed logins. I'd start with those and go from there as it does seem they are generally blocked from the whole server if both Outlook and Webmail failed.
0 -
Hi,
So, I looked in the Firewall, under the Firewall Deny IP's, and found this:
csf.deny: 67.166.94.72 # lfd: (PERMBLOCK) 67.166.94.72 (c-67-166-94-72.hsd1.or.comcast.net) has had more than 4 temp blocks in the last 86400 secs - Tue Feb 6 01:33:33 2024
This IP Address belongs to Comcast and is located in an area that the customer is located. The customer is unavailable at the moment for me to do any further testing until this afternoon, but I would like to know why cPanel would block an IP Address from Comcast? If it starts randomly blocking legit IP's from Comcast then this could potentially be a major issue for our customers.
When I connect with the customer this afternoon I will give this IP temporary access through the firewall to see if the customer can send/receive emails. If so, then I can address this IP to the Firewall Allow IP's list. Or, just do a Quick Unblock of that IP. Suggestions?
-1 -
cPanel doesn't make or distribute the CSF tools. Any firewall can block any IP address for any reason - Comcast doesn't get a special pass from any company that I'm aware of :D
I'd just do the Quick Unblock option and then add it to the allow list so it doesn't happen again, if you know that customer's IP is usually static.
0 -
When I look up the IP it appears that it could be dynamic. So, I might just do a Quick Unblock and see how it goes. If it gets blocked again then I can add it to the allow list. Hopefully it's just this IP that is causing an issue.
0 -
Sounds like a good plan - it's likely just that easy.
0 -
Issue resolved. The comcast IP was being blocked by the CFS firewall, I added it to the Firewall Allow IP list and the customer was able to send/receive emails again. Thank you for your help! I learned something new today! :)
0 -
I'm glad that's all it was!
0 -
> I'd just do the Quick Unblock option and then add it to the allow list so it doesn't happen
> again, if you know that customer's IP is usually static.The IP must be added to the ignore list, allow list does not prevent it from being blocked.
in csf.ignore:
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore0 -
"The IP must be added to the ignore list, allow list does not prevent it from being blocked.
in csf.ignore:
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore"So, what is the purpose or difference between the cfs.allow vs cfs.ignore? I added the address to cfs.allow. Looks like that removed it from the block list, unless I did a Quick Unblock first, I don't recall now but I don't see the IP in the block list any longer. TY
0 -
There's some additional discussion on this here:
0
Please sign in to leave a comment.
Comments
10 comments