Every cPanel virtual private server (VPS) includes an installed software firewall called ConfigServer Security & Firewall (csf). This firewall can be used to block IP addresses and includes a separate running process, Login Failure Daemon, that checks logs for invalid logins attempted by bruteforce, and other forms of attacks. For more information on CSF functionality, please see: https://configserver.com/cp/csf.html
You may need to review the csf settings if you are aware of someone being blocked. If you have become blocked yourself, and you are under a management plan for your VPS, please submit a ticket if you are blocked. If you are not under a management plan or wish to unblock yourself, you can unblock yourself using VNC and the command line instructions given below.
The main operations are:
- Block an IP address
- Check if an IP address is blocked / Unblock an IP address
- Whitelist an IP addresses
- Flush all existing blocks on the server
Once logged into WHM, click on Plugins > ConfigServer Security and Firewall. In the WHM screen for CSF, scroll down to the section csf – ConfigServer Firewall.
Beside the button Quick Allow, fill in the IP address in the green box and click the Quick Allow button.
To temporarily block an IP address, scroll to the Temorary Allow/Deny button, fill in the IP address beside this button and then click Temorary Allow/Deny.
How to check if an IP address is blocked/unblock an IP address:
In the WHM screen for CSF, scroll down to the section csf – ConfigServer Firewall.
Beside the button Search For IP, fill in the IP address in the red box and click the Search For IP button.
You will be presented with a new screen that will output the following if not blocked:
‘No matches found for 188.8.131.52 in iptables’
Otherwise you will be presented with the reason for the block and can unblock the IP by clicking the padlock beside the reason given.