The main reasons for blocking an external IP address by the Server Firewall
PrintFirewall is installed on our servers and if your IP is blocked by our firewall, we provide you with logs confirming the blocking. Let's try to list the main reasons for blocking IP addresses:
1) Port Scan detected
The IP is blocked when your IP is in the process of scanning TCP and UDP ports. The process of port scanning is mainly used by hackers to find out information about your system before launching more serious attacks, such as DDOS attacks.
2) (ftpd) Failed FTP login :10 in the last 300 secs
10 invalid FTP login attempts in the last 300 seconds. If you are sure that you are entering the correct FTP passwords, it is possible that someone tried to guess the password to your FTP account, for example, in the event of a hacking attempt.
3) (sshd) Failed SSH login 5: in the last 300 secs
5 invalid SSH connections to your account or server. Please make sure that SSH access is enabled for your account.
4) mod_security triggered by ip: 5 in the last 300 secs
Your ip or domain is blocked by mod_security rules. If you receive this message in the firewall logs, please contact technical support for more detailed information on blocking your IP or domain.
5) (smtpauth) Failed SMTP AUTH login from ip: 5 in the last 300 secs
5 invalid SMTP connections within 300 seconds. Sometimes the reason may be the selection of passwords for the mail service of your account.
6) (pop3d) Failed POP3 login from ip:10 in the last 300 secs
IP blocked for 10 invalid POP3 connections
7) Failed cPanel login from ip: 10 in the last 300 secs
IP is blocked for 10 incorrect connections within 300 seconds to the Cpanel control panel. The reason may be incorrect data entered by the client.
