After cpanel update IP blocker going crazy

Operating System & Version
Centos 7
cPanel & WHM Version
cPanel & WHM v102.0.8
G

GroupeAccess

Registered
Mar 25, 2022
3
0
1
Canda
cPanel Access Level
DataCenter Provider
Hi,

After a maintenance on the cpanel server, the IP Blocker module is going crazy and keep adding Deny from x.x.x.x on all the htaccess of my clients.

What we did during the maintenance :
- WHM update
- MariaDB update
- Add php 7.4,8,8.1
- Install Nginx reverse proxy (which was removed since.)

I have no idea where it's coming from, we have already uninstall modsecurity but not seems to be related.
And all the IP added in the htaccess with the Deny from are not present in the history of CSF or cphulk history, the greylisting is already disabled.

Can some one help to find why cpanel keep blocking some IP by adding a Deny from x.x.x.x in all the htaccess ?

Thank you
 
cPanelWilliam

cPanelWilliam

Administrator
Staff member
Mar 13, 2018
221
41
153
Houston
cPanel Access Level
Root Administrator
Hello! The IP Blocker feature in cPanel does not automatically block IP addresses. However, the IP blocker feature will read deny rules that were manually added to a site's .htaccess file. It's possible these rules are being added manually via the cPanel interface or by a 3rd party script running on the accounts.

I would recommend checking the cPanel access logs to ensure these aren't being added manually via the IP Blocker or File Manager. If that doesn't shed any light on the issue I would recommend opening a support ticket so our team can try to identify what is causing this to happen.
 
G

GroupeAccess

Registered
Mar 25, 2022
3
0
1
Canda
cPanel Access Level
DataCenter Provider
Thank you for your answer.

" The IP Blocker feature in cPanel does not automatically block IP addresses"
That make sense I didn't found any settings for that or any documentation.

I will investigate to find which third party is doing that, because the issue happen on all my client.
And when we enabled the Nginx reverse proxy, the public IP of our server was banned too.
So the 3rd party that doing that didn't get the real IP of the client, but the IP of the reverse Proxy, Did I miss something in the setup of Nginx reverse proxy ?

Thank you
 
G

GroupeAccess

Registered
Mar 25, 2022
3
0
1
Canda
cPanel Access Level
DataCenter Provider
Thank you for that that was missing.

It should be good now.

ps: I still didn't find with plugin or feature was doing that, but by monitoring the file, only this process seems modifying the htaccess :
/usr/local/cpanel/3rdparty/perl/532/bin/perl
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
E In Progress CPANEL-43534 - Using a link form CP email of "WordPress Updates Digest" gives security error Security 7
Spirogg Question about: cPhulk contains outdated country code IP lists after applying a major version updates to cPanel Security 4
M SOLVED Openssl-1.1.1n : Should we update it manually or will it be done by cpanel soon? Security 15
BlueSteam SOLVED [COBRA-13510] Do I need to manually update service SSL certificates on cPanel? Security 30
B SOLVED CPANEL-37321 - cPHulk Countries Management Updates Security 18
Similar threads
In Progress CPANEL-43534 - Using a link form CP email of "WordPress Updates Digest" gives security error
Question about: cPhulk contains outdated country code IP lists after applying a major version updates to cPanel
SOLVED Openssl-1.1.1n : Should we update it manually or will it be done by cpanel soon?
SOLVED [COBRA-13510] Do I need to manually update service SSL certificates on cPanel?
SOLVED CPANEL-37321 - cPHulk Countries Management Updates
Top Bottom