Skip to main content

Q: Automatic entries made to IP blocker?

Macs R We

I'm experiencing a weird problem where a single IP address gets repeatedly entered into IP Blocker in some automatic fashion (that is, it is not being entered manually by the admin). The address has been cleared twice in the past few days, and within a matter of hours is back on there. The address isn't doing anything deliberately malicious, only accessing a WP blog on the site via an RSS reader (I know this because in this case, the address is mine and the site belongs to a colleague who is not an experienced admin whom I am trying to help out).

I looked for a cPanel whitelisting function he could use, but couldn't find one... so my next move is to ask here if there were any function in cPanel that would automatically block an IP as the result of some other occurrence. If so, is there a log that would provide a clue as to what exactly is upsetting it?

Comments

3 comments

Date Votes
  • Damian

    What firewall are you using?

    cphulk, mod security, imunify360, CSF can all add a block based on a trigger.

    0
  • Macs R We

    That's the sort of question it would be fruitless to ask him. It's certainly something I could look at if he asks me to perform actual work on his issue.

    But before I did I'd still like to know -- which of these blocks (if any) would show up specifically in cPanel IP Blocker? Because I could at least study up on how those triggers get set and triggered.

    For example: I personally use cpHulk, and I know it puts a (temporary) block in the NFT input firewall, then sends you a notification you can click on to make it a permanent block if you choose... but it all happens somewhere out in WHM-land that does not get reflected into the IP Blocker area of cPanel... because I've done it successfully hundreds of times and my own IP Blocker area is still totally empty. So it isn't cpHulk, at least.

    Do any of these other firewalls insert blocks specifically in cPanel IP Blocker? If it possible that WordPress has such a function? Because his entire activity is merely processing a WordPress blog, not engineering firewall rules.

     

    0
  • cPRex Jurassic Moderator

    Oh - so you're referring to the actual cPanel interface tool *called* IP Blocker.  That changes things a bit as there's really only two ways for an IP address to show up there:

    -it gets manually added through cPanel by the site admin (which you say isn't happening)
    or
    -the .htaccess file gets a "Deny from" statement added to it, which would reflect in the IP Blocker interface.

    Can you check and see if there is a .htaccess file on the account that is getting updated that could explain this?

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post