Below, we will outline the most common firewall block reasons as well as what causes them & how to prevent them from happening.
In some cases, you may be able to use our IP Unblock tool found inside your account management portal to unblock your IP. In the event you are unsuccessful at removing the IP block, you may need to contact our support depending on the block that was triggered.
*Port Scan* detected from 22.214.171.124
A “Port Scan” block indicates that you have an application/program on your computer or mobile device from your location that is making connection attempts to our servers on closed ports. The most common problem is due to incorrectly configured FTP applications, email clients and/or trying to SSH into the default port. The IP address shown above as 126.96.36.199 would be replaced by your actual IP address for your modem/router.
Failed SMTP Login
(smtpauth) Failed SMTP AUTH login from 188.8.131.52
The “Failed SMTP Auth” block means that there are multiple consecutive failed SMTP logins for email. This is typically due to making login attempts from a device such as a mobile phone or email client on a PC that has an incorrect email address and/or password being used. To protect against a hacker brute forcing into the email account, our firewall blocks the IP of failed logins as a security precaution. The IP address shown above as 184.108.40.206 would be replaced by your actual IP address for your modem/router.
Failed FTP Login
(ftpd) Failed FTP login from 220.127.116.11
The “Failed FTP Login” block indicates that the login attempts for an FTP connection are failing due to an incorrect username and/or password. To protect against brute force hackers, our firewall will block large amounts of failed FTP logins as a security precaution. The IP address shown above as 18.104.22.168 would be replaced by your actual IP address for your modem/router.
Failed POP3 Login
(pop3d) Failed POP3 login from 22.214.171.124
The “Failed POP3 Login” entry indicates that your email client using the POP3 protocol for email has an incorrect email address and/or password. We recommend that you double check and/or reset the password for the email account in question to resolve this issue. The IP address shown above as 126.96.36.199 would be replaced by your actual IP address for your modem/router.
mod_security (id:xxxxxx) triggered by 188.8.131.52
In the event you see a “mod_security” block being triggered, you will need to contact our support. There are many reasons on why a mod_security related block can be triggered, so we’d need to investigate further. The reasons can range from issues with website modules/plugins triggering a SQL injection block to simply too many failed WordPress or Joomla logins. The IP address shown above as 184.108.40.206 would be replaced by your actual IP address for your modem/router.
Failed cPanel or Webmail Logins
(cpanel) Failed cPanel login from 220.127.116.11
The “Failed cPanel login” block can be triggered two different ways. The first is by making failed login attempts to your cPanel login screen. In this event, we recommend that you reset your cPanel password and verify the username is correct. This firewall block can also be triggered from failed “webmail” logins as well, as the webmail. It is advised to also ensure you’re using the correct email address & password for webmail in addition to cPanel to make sure the block does not continue to happen. The IP address shown above as 18.104.22.168 would be replaced by your actual IP address for your modem/router.If the steps above listed in this article do not resolve your issue, please feel free to open a support ticket and we’d be happy to take a look.
Our Guiding Principles
- Provide consistent, stable and reliable web hosting services.
- Ensure rapid ticket response and quick resolutions to issues.
- Never saturate or over-provision servers to ensure stability and speed for our customers.
- Use only high quality enterprise-class hardware to ensure minimal downtime from hardware failures.
- Provide clear pricing with no hidden fees or gotchas.