فايروول السي بانل CSF Firewall الغاء حظر الايميل disable smtp Login Failure Blocking

[Rise Company]

فايروول السي بانل CSF Firewall الغاء حظر الايميل disable smtp Login Failure Blocking
Login Failure Blocking and Alerts - Configure LFD to not block emails for failed login attempts
disable smtp Login Failure Blocking

مشكلة :

Is it possible to configure LFD in ConfigServer Security & Firewall for cPanels WHM to not block failed logins for e-mails? My legitimate users are being blocked more than hack attempts for e-mail accounts.
I've tried googling this but cannot find anything, and don't want to disable LFD entirely as I still want it to block all other types of failed login attempts.
Is there a configuration file that controls what LFD blocks for that can tell it not to block for e-mails?



حل المشكلة:

To change this modify the CSF config file and search for LF_SMTPAUTH. You can set this to 0 to disable it, or increase the number before a ban kicks in. You can also change LF_SMTPAUTH_PERM from 1 to a larger number to make it a temporary permanent ban for that number of seconds. I changed it to 20 attempts and 1800 (30 minutes).

------------------------------------------------

Read the documentation in /etc/csf/csf.conf
There are different LF_ settings for different login types.

I have to advise you against disabling this completely due to a high risk for spam and brute force attacks. However if you want to allow extra login attempts for pop3 for example you could set this to a higher number:

LF_POP3D = "10"
Raising that to say 25 should allow customers more login attempts while still blocking bad bots. You can also set temporary blocks instead of permanent by setting the _PERM settings like this:


LF_POP3D_PERM = "1"
The setting "1" is a permanent block. Setting a higher number like "300" would be a 5 minute block of the IP (300 seconds = 5 minutes).

If you change these settings you must fully restart CSF and LDF (just running csf -r will not do this) either restart both services via WHM or run this from command line:

csf -x ; csf -e
ensure CSF/LFD enable properly after any changes.



المرجع:
https://superuser.com/questions/6341...login-attempts
https://forums.cpanel.net/threads/di...ilures.498871/
https://www.interserver.net/tips/kb/...-block-in-csf/

[Rise Company]

Various Reasons for IP Address Block in CSF

By any chance, if you get access denied when accessing cPanel account, do not try to login multiple time at that situation! If you are using wrong login credentials to access the cPanel and you have already tried 10 or 20 times in 5 minutes, then by that time your public IP will be blocked in the CSF firewall. So before trying to login to your cPanel account, you have to make sure that the Login credentials are correct and valid and they are the exact one in the Welcome Email Guide, that was sent to the registered email account with the hosting package.

Block due to failed POP3/IMAP login attempts
If you are seeing the error windows of IMAP/POP3 failed authentication in your email client, then most probably the login credentials you are currently using for the email account are outdated/incorrect. In this case, also you will end up with your IP get blocked in the CSF as the email client will not stop trying to access the mail server with that wrong credentials.

Block due to failed SMTP login attempts
Another way is that in any case if the SMTP authentication gets invalid so that you are unable to send email from the email client. So it is important to take care of the SMTP credentials to login, make sure that you are using the full email address and the correct password.

Incorrect email client settings
In some cases, the email client settings also cause for an IP block.
Failed FTP/SSH login
If you are accessing the server via FTP with some FTP client, then make sure that you are using the correct login details with the FTP client. Also if you are using incorrect port number to log in then also your IP get blocked in the firewall.
Failed web page login
In some cases, if the website needs authentication to further check as the website has some type of protected directory. Please make sure you use correct login details in the authentication box. Otherwise, there is a chance for your IP get blocked.

------------------------------------------------------


Edit CSF Configuration
1) SSH to the server.
2) Open the file csf.conf.

# vi /etc/csf/csf.conf

3) Check the following parameters in the file csf.conf you have opened,
LT_POP3D = “value”

In the place of value if you replace with a number then the failed POP3 login attempt times per hour per account per IP address is greater than the IP gets blocked. Put the value to zero to disable the option. Please keep in mind that the IP is blocked temporarily and it automatically unblocks after an hour!
LT_IMAPD = “value”

CSF will check the value corresponding to the LT_IMAPD and compare it the number of IMAP login failure and if the failure count is greater than the value mentioned hen the IP will be blocked. Using a high number is recommended other than putting zero as (0=option as disabled). Since this is the temporary block for an hour after that the IP will be unblocked!

LF_SSHD = “value”
LF_SSHD_PERM = “value”

These are the option in CSF to enabled to detect the login failure for sshd connections to the server.

LF_FTPD = “value”

LF_FTPD_PERM = “value”

This option is enabled to check the login failure of ftp connections, compare the value with the login failure count and if the login failure is greater corresponding IP will be blocked.

LF_SMTPAUTH = “value”

LF_SMTPAUTH_PERM = “value”

This parameter in the CSF will check the login failure of SMTP AUTH connections and the failure counts gets higher than the value set then the IP gets blocked.

LF_POP3D = “value”

LF_POP3D_PERM = “value”

This option is enabled to check the login failure of pop3 connections to the server.

LF_IMAPD = “value”

LF_IMAPD_PERM = “value”

Through this option enabled the CSF will check the login failure of imap connections to the server.

4) You need to restart the csf after that for the changes made to take effect server wide.