Knowledge Base
MilesWeb / cPanel, Firewall

Common Reasons For Firewall IP Block

Approx. read time : 3 min

In this article we will explain the most common reasons for firewall IP block and the ways in which they can be prevented.

Port Scan

*Port Scan* detected from 1.1.1.1

A ‘port scan’ block signifies that there is an application or a program in your computer or mobile device that is making connection attempts from your location to our servers on closed ports. The most common issue arises due to FTP applications that are not configured correctly. This issue may arise through email clients or when trying to SSH in the default port as well. The IP address denoted above 1.1.1.1, this IP address will be replaced by your original IP address through your modem or router.

Failed SMTP Login

(smtpauth) Failed SMTP AUTH login from 1.1.1.1

When a ‘failed SMTP Auth’ block is shown, it denotes that there are many consecutive failed SMTP login attempts for the email. This is generally because of making login attempts through a device like mobile phone or email client on a PC and the email address or password being used in these attempts is incorrect. In order to prevent a hacker from brute forcing in the email account, our firewall blocks the IP through which the failed login attempts are made as a security measure. The IP address denoted above 1.1.1.1, this IP address will be replaced by your original IP address through your modem or router.

Failed FTP Login

(ftpd) Failed FTP login from 1.1.1.1

When a ‘failed FTP login’ block is shown it signifies that login attempts done through an FTP connection are failing due to the use of incorrect username and/or password. In order to prevent the brute force hackers, our firewall will block a large number of failed FTP logins as a security measure. The IP address denoted above 1.1.1.1, this IP address will be replaced by your original IP address through your modem or router.

Failed POP3 Logins

(pop3d) Failed POP3 login from 1.1.1.1

A ‘Failed POP3 Login’ entry shows that your email client is utilizing the POP3 protocol for email is based on an incorrect email address and/or password. It is recommended that you re-check or reset the password for the email account for resolving this issue. The IP address denoted above 1.1.1.1, this IP address will be replaced by your original IP address through your modem or router.

Mod_Security Block

mod_security (id:xxxxxx) triggered by 1.1.1.1

In case a ‘mod_security’ block is triggered, you will have to get in touch with our support team. There are many reasons behind a mod_security block getting triggered, therefore our team will have to investigate further on this. The reasons behind this can be anything from issues with website modules or plugins triggering an SQL injection block or this block maybe shown simply due to multiple failed WordPress or Joomla login attempts. The IP address denoted above 1.1.1.1, this IP address will be replaced by your original IP address through your modem or router.

Failed cPanel or Webmail Logins

(cpanel) Failed cPanel login from 1.1.1.1

A ‘Failed cPanel login’ block can be triggered in two different ways:

  • The first is by making failed login attempts to your cPanel account. In this case, it is recommended that you reset your cPanel password and verify if the username is correct.
  • This firewall block can also be triggered because of failed ‘webmail’ login attempts. In this case you must ensure if you are using the right email address and password for webmail along with cPanel to make sure that this block is not displayed again.

The IP address denoted above 1.1.1.1, this IP address will be replaced by your original IP address through your modem or router.

If the steps mentioned in this article do not solve your issue, you can get in touch with our support team and we would be happy to help.

Need help? We’re always here for you.