Resolving an Accidental Block by Fail2ban

While working on your site, you may run into an unusual situation: everyone can access your site except for you. Uptime monitoring and external sites like Shot Sherpa show your site as up and accessible. Coworkers on other networks can access your site. When you try to visit your site from your home or office network, though, the server never responds. Let’s take a look at why this happens and how to solve the problem for good.

The Fail2ban Security System

At InMotion Hosting, we use a variety of methods to help secure our servers against attack. One such tool is ‘Fail2ban,’ a popular piece of software that helps prevent intrusion. Fail2ban blocks or limits a number of attack vectors, but the one we’re concerned with here is something called a ‘Brute Force Attack’.

A brute force attack (BFA) is when a hacker or program tries to login to an administrator account or email address by trying thousands of passwords. The attacker will simply try to log in to an account over and over again using different passwords. The idea is that, with enough attempts, a common password or a random string of characters will end up being the right password and let the attacker in. Fail2ban has a simple way of blocking these attacks: if a particular IP address fails to login a certain number of times in a given period of time, access to the account from that IP address is blocked.

Get the protection of Fail2ban on your accounts with our Shared Business Hosting Plans!

The Accidental Lockdown

Fail2ban is a helpful piece of security software– how can it cause trouble for users on shared accounts? The problem is that any incorrect logins can trigger a block from fail2ban– even logins from your computer!

Some mail clients like Mac Mail and Outlook will continuously retry failed logins. This is a design feature meant to be helpful, but can cause problems with security software like fail2ban. If some details like the password or email address are incorrect, the mail client will activate fail2ban’s IP block. This is why your website appears to be inaccessible only from your home or office.

Solving the Problem for Good

If you are blocked from your site due to the fail2ban security system, you must fix the connection issue causing it. Our Support Team can temporarily unblock you, but unless the origin of the problem is fixed the same issue will occur again.

To solve the problem permanently, you must find which device and mail client is causing the issue.

Start by checking any mail clients you have active. Be sure to check all clients and all devices. A tablet you rarely use may have outdated, leftover login information in its mail client that has never been updated. A secondary mail client you only set up for troubleshooting could now be the cause of trouble! Find out which clients are active and which aren’t connecting. You can always update your email passwords in cPanel and make sure the change is carried over to all of your devices.

Don’t try to solve the issue by deleting the email address from cPanel or removing the email address from the server. The mail client will still attempt to login to the now missing email. This will still count as a failed login. You must find the mail client with the incorrect login and either correct the information or deactivate it in the client itself. 

You may need to deactivate some email addresses inside of your mail clients until the temporary ban expires. Usually, the IP block will expire half an hour after the ‘problem’ email address is removed or corrected. Sometimes an IP address may have been blocked for a longer period — a week or more– if there were enough failed login attempts in a row. If that is the case, you’ll need to contact our 24/7 Technical Support team to get the block lifted so that you can finish re-configuring your mail clients.

If you run into trouble, our Support team can also help you check the mail logs to see which addresses seem to be the problem. Lastly, there are a handful of other logins that can result in IP blocks: FTP clients, SQL software, and cPanel itself can cause similar issues. Usually if you fix the login details the issue will resolve itself. If you run into trouble and the usual solutions don’t seem to work, our Support Team can help you narrow down the issue!

Was this article helpful? Let us know!