We have several layers of security in place to mitigate attacks on and abuse of client websites and email accounts. Our intrusion detection system can identify many types of attacks and then block attackers from further accessing our servers. The process is transparent to most of our clients. However, your situation may require that you have your connection whitelisted in our firewall.
Attacks that are blocked include (but are not limited to) the following:
- Repeated failed logins to cPanel or FTP. This could be an attacker trying to break into your website.
- Repeated failed logins to password-protected pages that use HTTP authentication.
- Repeated triggers of ModSecurity rules. This may be an attacker trying to exploit a vulnerability in your website (quite common for outdated Joomla and WordPress installations).
- Port scans. This may be an attacker searching for a vulnerable service to attack.
- Repeated failed logins to an email account. This could be a spammer probing for access to send junk email.
- A large percentage of sent emails cannot be delivered. This could be a spammer that has managed to gain access to a website or an email account.
- A relatively large number of email messages relayed. This could be a spammer that has managed to gain access to a website or an email account.
The key in the above measures is the word "repeated". We all make mistakes, and entering one or two incorrect passwords will not cause any problems. However, sometimes "innocent" users do things that look like an attack and then get blocked; for example, a user forgets his mailbox password and then tries to log in many times with incorrect passwords. To limit the inconvenience to legitimate users, the following measures are in place:
- On the first detection of a possible attack, a temporary block is placed in the firewall to prevent the offending IP address from accessing the server. Depending on the severity of the attack, the block will be in place for 15 minutes to one hour.
- The temporary firewall block is removed automatically and connections will be allowed again.
- Should there be further repeated signs of attack, the offending IP address will be blocked permanently.
Note that the firewall block is applied to the offending IP address. Should your IP address ever get blocked for "accidental" repeated failed logins, your website and email will remain accessible by others; it is merely your connection that has been blocked.
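The escalation described above, sketched as an added example (this is not the provider's or the firewall's own code). The failure threshold, the counting window and the rule of one temporary block before a permanent one are assumptions; the page states only the 15-minute-to-one-hour range for temporary blocks.

```python
from collections import defaultdict, deque

# Assumed values, except TEMP_BLOCK, which is the shortest duration named on the page.
FAIL_LIMIT = 5          # failures that count as "repeated" (assumption)
WINDOW = 300            # seconds within which they must occur (assumption)
TEMP_BLOCK = 15 * 60    # temporary block length in seconds
MAX_TEMP_BLOCKS = 1     # temporary blocks served before a permanent one (assumption)

class BlockPolicy:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.temp_until = {}                 # ip -> expiry time of the temporary block
        self.temp_count = defaultdict(int)   # ip -> temporary blocks already served
        self.permanent = set()

    def state(self, ip, now):
        if ip in self.permanent:
            return "permanent"
        if self.temp_until.get(ip, 0) > now:
            return "temporary"
        return "allowed"                     # temporary blocks expire on their own

    def failed_login(self, ip, now):
        """Record one failed login and return the resulting state for the IP."""
        if self.state(ip, now) != "allowed":
            return self.state(ip, now)       # blocked traffic never reaches the service
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= FAIL_LIMIT:
            recent.clear()
            if self.temp_count[ip] >= MAX_TEMP_BLOCKS:
                self.permanent.add(ip)       # repeated offence after a temporary block
            else:
                self.temp_count[ip] += 1
                self.temp_until[ip] = now + TEMP_BLOCK
        return self.state(ip, now)

# Constructed sample: (seconds since start, source IP) for each failed login.
SAMPLE = ([(t, "198.51.100.7") for t in (0, 1, 2, 3, 4, 10, 1000, 1001, 1002, 1003, 1004)]
          + [(t, "203.0.113.5") for t in range(5)]
          + [(20, "192.0.2.10"), (60, "192.0.2.10")])

def replay(events):
    """Feed failed-login events in time order; return each IP's state at the last event."""
    policy, end = BlockPolicy(), max(t for t, _ in events)
    for now, ip in sorted(events):
        policy.failed_login(ip, now)
    return {ip: policy.state(ip, end) for _, ip in events}
```

In the sample, the address that resumes failing after its temporary block expires ends up permanently blocked, the one that stops is allowed again, and the user with two mistakes is never blocked.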
Avoiding being blocked by the firewall
Here are a few guidelines to help you prevent being blocked by our firewall.
- If you forget a password, avoid trying your login many times. If a given username and password combination does not work the first time, it will likely not work the second time, third time, or the fourth time. No sense in making the same mistake over and over.
- Do not let your mailbox run full. This may cause errors with logins and sending of email. You can use Webmail to clear out your mailbox.
- Should your connection ever be blocked by our firewall, the initial block will be temporary. Avoid making the same error over and over and then getting blocked permanently (i.e. until we manually remove your IP address).
- Keep your computers virus free. Spammers use computer viruses to log users' keystrokes and steal passwords. Once your mailbox or hosting password is known, a spammer will use it to send junk email. The bad guys also employ computer viruses for port scanning to try to find weaknesses in server security.
- If you operate a bulk mailing list, you must keep the address list clean of bad addresses. If many addresses fail, you may seem like a spammer trying his luck. Besides that, we consider operating a dirty email list to be abuse of our service. Please consider using a mailing list application such as PhpList to broadcast your bulk emails in a server-friendly way and to facilitate easy management of your subscriptions. Please also read through our guidelines for operating a bulk mailing list.
- If your organisation sends a large number of emails on a daily basis, ask us to whitelist you so that your connection will not be blocked for sudden large volumes of email.
Whitelisting your connection
We can whitelist your connection in one of two ways:
- IP address: If your internet connection has a dedicated IP address (something you would have specifically arranged with your Internet service provider), then let us know your IP address and we will gladly whitelist it.
- Dynamic DNS: If you are not connecting with a dedicated IP address (99% of users), then consider configuring a dynamic DNS service. This will give you a dynamic domain name that automatically updates to your current IP address (an updater client needs to be installed on your computer). Let us know your dynamic domain name, and we will be happy to whitelist it. You can set up dynamic DNS for a sub-domain in cPanel (using the Dynamic DNS function) or sign up with a third-party DNS provider such as the ones listed at en.wikipedia.org/wiki/List_of_managed_DNS_providers
Reseller clients have access to the firewall and can remove connection blocks for their clients. Log in to Web Host Manager and scroll down the left menu to the ConfigServer Security & Firewall function. You are authorised to perform the following functions:
- Search for an IP address to see if it is currently blocked. Tip: To find out what your client's IP address is, ask your client to google "what is my IP address".
- Unblock an IP address.
To whitelist a client's connection, please follow the procedure above and contact us with the relevant dedicated IP address or dynamic domain name.