Skip to main content

cPanel Blocking Xfinity IP Address?

Comments

10 comments

  • cPRex Jurassic Moderator

    Hey there!  Sure, that's completely possible.  If the server is running the CSF/LFD firewall that would be the first place to look.  There is also cPHulk Brute Force Protection, as that will block an IP due to too many failed logins.  I'd start with those and go from there as it does seem they are generally blocked from the whole server if both Outlook and Webmail failed.

    0
  • Amiga500

    Hi,

    So, I looked in the Firewall, under the Firewall Deny IP's, and found this:

    csf.deny: 67.166.94.72 # lfd: (PERMBLOCK) 67.166.94.72 (c-67-166-94-72.hsd1.or.comcast.net) has had more than 4 temp blocks in the last 86400 secs - Tue Feb  6 01:33:33 2024

    This IP Address belongs to Comcast and is located in an area that the customer is located.   The customer is unavailable at the moment for me to do any further testing until this afternoon, but I would like to know why cPanel would block an IP Address from Comcast?  If it starts randomly blocking legit IP's from Comcast then this could potentially be a major issue for our customers.

    When I connect with the customer this afternoon I will give this IP temporary access through the firewall to see if the customer can send/receive emails. If so, then I can address this IP to the Firewall Allow IP's list.  Or, just do a Quick Unblock of that IP. Suggestions?

    -1
  • cPRex Jurassic Moderator

    cPanel doesn't make or distribute the CSF tools.  Any firewall can block any IP address for any reason - Comcast doesn't get a special pass from any company that I'm aware of :D

    I'd just do the Quick Unblock option and then add it to the allow list so it doesn't happen again, if you know that customer's IP is usually static.

    0
  • Amiga500

    When I look up the IP it appears that it could be dynamic. So, I might just do a Quick Unblock and see how it goes.  If it gets blocked again then I can add it to the allow list. Hopefully it's just this IP that is causing an issue.

    0
  • cPRex Jurassic Moderator

    Sounds like a good plan - it's likely just that easy.

    0
  • Amiga500

    Issue resolved.  The comcast IP was being blocked by the CFS firewall, I added it to the Firewall Allow IP list and the customer was able to send/receive emails again.  Thank you for your help! I learned something new today! :)

    0
  • cPRex Jurassic Moderator

    I'm glad that's all it was!

    0
  • quietFinn

    > I'd just do the Quick Unblock option and then add it to the allow list so it doesn't happen
    > again, if you know that customer's IP is usually static.

    The IP must be added to the ignore list, allow list does not prevent it from being blocked.

    in csf.ignore:
    # Note: IP addressess listed in this file will NOT be ignored by lfd, so they
    # can still be blocked. If you do not want lfd to block an IP address you must
    # add it to csf.ignore

     

    0
  • Amiga500

    "The IP must be added to the ignore list, allow list does not prevent it from being blocked.

    in csf.ignore:
    # Note: IP addressess listed in this file will NOT be ignored by lfd, so they
    # can still be blocked. If you do not want lfd to block an IP address you must
    # add it to csf.ignore"

    So, what is the purpose or difference between the cfs.allow vs cfs.ignore?  I added the address to cfs.allow. Looks like that removed it from the block list, unless I did a Quick Unblock first, I don't recall now but I don't see the IP in the block list any longer. TY

    0
  • cPRex Jurassic Moderator

    There's some additional discussion on this here:

    https://www.webhostingtalk.com/showthread.php?t=1116459

    0

Please sign in to leave a comment.