- Posted by bwf
- On November 27, 2013
- 0 Comments
IP blocks on Shared Servers are some of the most frustrating issues for clients and we wanted to take some time to explain this. We regularly get tickets and chats informing us that ‘Our server is down’ when in fact it is just the person’s local IP that is blocked in the server firewall.
If you see your website down and you do not see the server showing as down on our status page then you may want to check the site loads from a Anonymous Proxy Server. There are many out there but here is one we tend to use:
As you can see the site loads from this proxy server and this will always load it from a different IP to your home or office connection. It is a useful test to see if your issue is caused by an IP block.
Let’s look at the experience of one client called Matthew
Sean one of our L3 techs is just off a live chat with Matthew who has had his IP blocked by the firewall. Matthew says this happens regularly when he changes his network. This is logical as each time he gets blocked we whitelist his IP then when he goes away and uses a different network he gets blocked again. In a sense our whitelisting the IP does not solve the problem it just mends it until the client changes his IP and he gets blocked again.
We looked at the server logs and we can see this:
x94.xx.72.xxx | 5 failed login attempts to accoun [email protected] (ftp) — Large number of attempts from this IP: x94.xx.72.xxx | 2013-11-27 10:34:46 | 2013-11-27 10:39:46
As you can see from the logs this client must have an invalid password saved in his ftp software and it must automatically try to log into his ftp account. After 5 times the server will block the IP as it sees 5 invalid login attempts in quick succession so for the protection of our clients the IP is blocked.
The same happens regularly with email especially in an office where multiple people use email. All it takes is one user to enter an invalid password multiple times and the entire office gets blocked. We have also seen an entire School class being blocked out as one user in the class was careless with their password.
Please do not see this as a point of frustration with our service rather please see these blocks as one small step we take to help protect your account. Whilst preventing login on a per IP basis is just a really small step (as a determined hacker can change their IP instantly via VPN or Tunneling) it is still one small step we can take to help protect your account. It is our view it is better to have this policy in place than not have it.
Steps to prevent getting blocked:
If you have a static IP (many offices have but few home users in the UK/Ireland have) then ask us to Whitelist your IP to prevent any issues at all. Remember whitelisting does not solve the core issue such as a bad password but it will prevent you getting blocked for trying a wrong password.
Check all saved passwords are accurate. This is especially true for ftp clients that will try to auto connect or email clients that will try to check mail automatically – wrong passwords can result in a block without you even realising
If you have a VPS server you are in complete control of your firewall rules and we can tweak them to more better suit your organisation needs
Ensure all users of your account are aware of the rules we have in place so they know if their website suddenly stops working
If anyone has any questions about our firewall policy please talk to us and we will be more than happy to answer them for you.