Firewall is a set of devices designed to protect networks from unauthorized access while permitting legitimate communications to pass. Due to security reasons, we have installed Firewall on our servers, too.
Automatic firewall blocks are created for a certain external IP address from which unauthorized access attempts were noticed by the Firewall monitoring program. In case of 20 failed login attempts from your IP address, it gets temporarily blocked for 10 minutes. If more failed login attempts are detected during this period, the IP gets blocked permanently. If the server detects 15 failed login attempts from different IP addresses, this account will be temporarily locked for 5 minutes.
So, if you find yourself not being able to connect to the website, cPanel and webmail from a certain computer, most likely, you have triggered the Firewall rules. Please contact our Support and we will gladly unlock your IP. You can check your external IP address here.
What can be the reason of the IP being blocked and how to avoid it?
When you were not able to log into cPanel for the first time, please do not try to do it as many times as possible. Once you have used the incorrect login details 20 times in 300 seconds, the IP gets blocked. To avoid that, use auto-login options in Namecheap account or check your login details in the Welcome Email Guide that was sent to the email account associated with the hosting package. Otherwise, feel free to ask for the cPanel password reset via our Support.
NOTE: You can use Roboform and Lastpass web browser addons to keep your login details safe and secure without having to type and remember them.
Apart from cPanel login protection, Firewall also prevents unauthorized access to mail service.
1. Block due to webmail failed login attempts
If you were having issues with logging into webmail and, as a result, both cPanel and webmail are no longer available, most likely you have triggered a similar IP block for email access.
2. Block due to failed POP3/IMAP login attempts
If you start receiving errors/pop-up windows related to IMAP/POP3 failed authentication in your email client, then it is possible that login credentials for the email account are outdated/incorrect. Unfortunately, in this case, the email client will not stop trying to access the mail server which may in time result in a permanent IP block as well.
3. Block due to failed SMTP login attempts
This kind of block occurs when SMTP authentication data is not valid so you can’t send mail from the email client (you can still have correct settings for the incoming mail server and receive new emails without issues). Usual symptoms for such issue are the emails that do not leave the “Outbox” folder or errors/pop-up messages that notify about failed SMTP authentication. Make sure that SMTP login is your full email address, and the password is the same as for the incoming mail server.
If you still can’t log in with the old password, consider resetting it once your IP address is unlocked. You can do it in your cPanel account on the Email accounts page >> Manage option:
The email client settings may also cause an IP block, so if you are struggling with an email client setup, it is better to delete the non-functioning email account from the email client and start from scratch later. You can find the correct settings here.
We will also be happy to assist you with its setup in LiveChat.
NOTE: Frequent POP3 queries to the server can cause high general server load. In order to avoid this, we have implemented the limit of 100 POP3 connections per hour from a single IP address for all shared users. Therefore, it is not recommended to set POP3 mail check interval to less than 5 minutes in order to avoid IP blocking.
Make sure your FTP client is using correct login details and appropriate settings. You may check them here. Please make sure you use port 21 for FTP and 21098 for SFTP (SSH). Note that we enable SSH per a user's request. Therefore, please contact us via Support with the request to enable SSH. The tips on how to connect via SSH can be found here.
Port scan is an attack that sends requests of a client to a range of server port addresses on a host with the goal of finding an active port and exploiting a known vulnerability of that service.
To avoid that, please make sure your clients are configured in a way not to permanently attempt to scan ports of a server. Reduce timeout intervals on all FTP and mail clients in your network. If there are many users in your network, and all of them are accessing the Internet from an external IP address, make sure they do not reconnect using FTP or mail clients frequently. Connection requests coming from one IP can trigger the firewall to block the IP.
You can modify FileZilla's max concurrent connections for every site you connect to in the following way:
1. Start up the FTP program FileZilla and go to Edit -> Settings
2. Under the left sidebar menu on the Settings window, you should see the Transfers option. Click on it.
3. Under Concurrent transfers, you have the label "Maximum simultaneous transfers:", then a text box with a numeric value in it. Make sure that the number is 3 or less. It is recommended to keep this value at 1 if possible, because having multiple connections will slow down your uploads in the long run. If the value is more than 3, you may get blocked.
4. Hit the button labeled "OK" and exit FileZilla. Then, start it up again for the changes to take effect: