Below, we outline the most common firewall block reasons, what causes them, and how to prevent them.
Failed SMTP Login
(smtpauth) Failed SMTP AUTH login from 1.1.1.1
The “Failed SMTP Auth” block means that there were multiple consecutive failed SMTP logins for email. This is typically caused by a device, such as a mobile phone or an email client on a computer, attempting to log in with an incorrect email address and/or password. To protect the email account against brute-force attacks, our firewall blocks the IP address behind the failed logins as a security precaution. The IP address shown above as 1.1.1.1 would be replaced by the actual IP address of your modem/router.
Failed FTP Login
(ftpd) Failed FTP login from 1.1.1.1
The “Failed FTP Login” block indicates that login attempts for an FTP connection are failing due to an incorrect username and/or password. To protect against brute-force attacks, our firewall blocks the source IP address after a large number of failed FTP logins as a security precaution. The IP address shown above as 1.1.1.1 would be replaced by the actual IP address of your modem/router.
Failed POP3 Login
(pop3d) Failed POP3 login from 1.1.1.1
The “Failed POP3 Login” entry indicates that an email client using the POP3 protocol is configured with an incorrect email address and/or password. We recommend that you double-check and/or reset the password for the email account in question to resolve this issue. The IP address shown above as 1.1.1.1 would be replaced by the actual IP address of your modem/router.
Port Scan
*Port Scan* detected from 1.1.1.1
A “Port Scan” block indicates that an application/program on a computer or mobile device at your location is making connection attempts to our servers on closed ports. The most common causes are incorrectly configured FTP applications or email clients, and/or attempts to SSH into the default port. The IP address shown above as 1.1.1.1 would be replaced by the actual IP address of your modem/router.
Mod_Security Block
mod_security (id:xxxxxx) triggered by 1.1.1.1
If you see a “mod_security” block being triggered, you will need to contact our support. There are many reasons why a mod_security-related block can be triggered, so we’d need to investigate further. The reasons can range from website modules/plugins triggering a SQL injection block to simply too many failed WordPress or Joomla logins. The IP address shown above as 1.1.1.1 would be replaced by the actual IP address of your modem/router.
Failed cPanel or Webmail Logins
(cpanel) Failed cPanel login from 1.1.1.1
The “Failed cPanel login” block can be triggered in two different ways. The first is by making failed login attempts at your cPanel login screen. In this case, we recommend that you reset your cPanel password and verify that the username is correct. This firewall block can also be triggered from failed “webmail” logins as well, as the webmail. We advise that you also make sure you’re using the correct email address and password for webmail, in addition to cPanel, so that the block does not continue to happen. The IP address shown above as 1.1.1.1 would be replaced by the actual IP address of your modem/router.
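
The block reasons listed above follow a handful of fixed message formats, so a support or admin script can sort them by cause and group them by blocked IP. The following is an added example and not code from the hosting provider: the category names, function names and sample lines are constructed for illustration, while the message formats are the ones quoted on this page.

```python
import ipaddress
import re
from collections import defaultdict

# Message formats as quoted on this page; category names are this example's own.
PATTERNS = [
    ("smtp_auth", r"\(smtpauth\) Failed SMTP AUTH login from (?P<ip>\S+)"),
    ("ftp_login", r"\(ftpd\) Failed FTP login from (?P<ip>\S+)"),
    ("pop3_login", r"\(pop3d\) Failed POP3 login from (?P<ip>\S+)"),
    ("port_scan", r"\*Port Scan\* detected from (?P<ip>\S+)"),
    ("mod_security", r"mod_security \(id:(?P<rule>\w+)\) triggered by (?P<ip>\S+)"),
    ("cpanel_login", r"\(cpanel\) Failed cPanel login from (?P<ip>\S+)"),
]
# Next step per category, condensed from the explanations on this page.
NEXT_STEP = {
    "smtp_auth": "fix the email address/password saved in the mail client",
    "ftp_login": "fix the username/password saved in the FTP client",
    "pop3_login": "check or reset the password for the email account",
    "port_scan": "check FTP, email and SSH client port settings",
    "mod_security": "contact support and quote the rule id",
    "cpanel_login": "reset the cPanel password; check webmail credentials too",
}

def parse_block_reason(line):
    """Return category, IP, rule id and next step for one block reason, or None."""
    for name, rx in PATTERNS:
        m = re.search(rx, line.strip())
        if not m:
            continue
        try:  # reject anything that is not a valid IPv4/IPv6 address
            ip = str(ipaddress.ip_address(m.group("ip").rstrip(".,;")))
        except ValueError:
            return None
        rule = m.groupdict().get("rule")  # only mod_security lines carry a rule id
        return {"category": name, "ip": ip, "rule": rule, "next_step": NEXT_STEP[name]}
    return None

def summarize(lines):
    """Group recognised block reasons by IP; collect lines that match nothing."""
    by_ip, unknown = defaultdict(list), []
    for line in lines:
        hit = parse_block_reason(line)
        if hit:
            by_ip[hit["ip"]].append(hit["category"])
        elif line.strip():
            unknown.append(line.strip())
    return dict(by_ip), unknown

# Constructed sample lines; 1.1.1.1 is the placeholder address used on this page.
SAMPLE = ["(ftpd) Failed FTP login from 1.1.1.1", "mod_security (id:xxxxxx) triggered by 1.1.1.1", "unrelated text"]
```

An IP that appears under several categories at once (for example both FTP and SMTP failures) usually points to one device with several stale saved passwords, which is worth checking before resetting each account separately.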