We would all like the internet to be a free and safe place where we can gather information, watch our favorite videos, listen to music and enjoy everything uploaded there, but unfortunately, this is not the case.
With the increasing popularity of the web and the ever-increasing number of people on it, the dangers and threats also increase in number. We know this because every day we have the opportunity to observe it and interact to protect our users.
That's why CooliceHost's servers use advanced protection. Our Firewall is one of the most popular and tested on the market using standard rules to restrict unwanted threads against our clients accounts. With the combination of Antivirus and Malware softwares, our chances of protecting our customers' information and data increases significantly. And that is why there are cases where even a real user with non-human behavior can be detected by our integrated softwares. We will explain it and what it happens.
Most common scenario you can get unwanted block by the server your plans is in:
1. Using wrong login credentials for your control panel, mail (SMTP, POP), database access (to phpMyAdmin), or to some of your CMS on your plan (WordPress, Opencart....). This takes our first place.
Here is how it looks like such a message in pour WAF (Web Application Firewall):
csf.deny: XXX.XX.XX.XXX # lfd: (directadmin) Failed DirectAdmin login from XXX.XX.XX.XX (US/United States/YYYYYYYYYY): 5 in the last 3600 secs - Mon Aug 5 16:28:26 2024
XXX.XX.XX.XXX - your IP address
YYYYYYYYYY - your ISP
Usually the block of your IP comes after 5 or 10 wrong login attempts.
2. Cleaning your browser cache while you are logged in. In this case the browser will try to refresh with missing session and that will be counted as login attempt.
3. Opening multiple browser windows/tabs and suspend (by closing the screen) / hibernate laptop and then open it lately when session is expired but the browser tries to refresh panel data with old session and that is counted as login attempts.
4. Browser crashed but not reopen immediately some time later it is reopen try to restore all windows from before crash... again with expired session ...As well as in 3 scenario, this is non-human behavior and the Firewall or some of the other antispam and malware softwares could count as thread. The block of the IP comes next.
5. Strange scripts (only in the portfolio of the softwares - rarely reported before that) trying to manipulate your systems or hosting from your IP address. It looks like this:
Virus in your PC trying to get access or control over your hosting account via your browser, ftp, ssh and other way could be may also refer to this scenario.
6. Installing or browsing through a script (plugin, module, extension) in your system where coding best practices are not well implemented. In this case Mod security blocks your IP.
What should I do once I have blocked?
Do not panic. Most people think that their websites are down or offline for everyone, but they are not. Users can open their websites or control panel via another network using different IP. They can also make sure that everything is fine by using the Geopeeker.com and IsItDownrRghtNow.com.
Once you have blocked, you should reach us and let us know your IPv4 in order to unblock it ASAP. Once we do it, we will also allow it in our WAF and you won't have any problems in future with it. But remember: Your ISP gives you different / dynamic IPs from time to time, so the new one is not in our whitelist and could be blocked as well if it follows in one of the above scenarios.
We would like to apologize for the inconvenience caused and the tedious typing it takes to unblock you, but this is all for the security of our customers and keeping our servers clean and the businesses that rely on it running smoothly. Keep in mind that we also run crons that clear the blocks on a regular bases, so your IP (if it's static) won't be in our blacklists forever.