Our network includes a number of security measures to ensure a clean, trouble-free environment for your hosting services. One of these features is an automatic mechanism that is intended to stop brute-force login attacks. This system monitors login attempts from FTP, SSH, and SMTP services. These automatic systems are intelligent enough to know not to block an IP address if you fail authenticating once or twice.
This is designed to combat automated attacks that keep trying to authenticate multiple times over a very short period of time. In other words, this component of our system is designed to identify the typical behavior of automated brute-force attacks and stop those requests from reaching our network. If these requests go un-checked, this results in wasted resources and affects the overall performance of your hosting services.Here are some important points to consider:
- If you are getting a timeout message in FTP or SSH, it is very likely that your IP was blocked. You will not get messages such as connection refused or invalid login.
- A common cause for the bans we have seen is using incorrect usernames. Using just serveradmin as a username has been a common culprit from our observations. The proper format for a login on the Grid is:
- Once a ban is removed, it may take a few minutes to be able to access the blocked services again. Typically, it will take about 5-10 minutes for this change to be reflected across our systems.
This IP ban also affects your ability to reach your website. If you are receiving a timeout error over HTTP, be sure to follow the instructions below to un-ban your IP address.
How to remove an IP ban/block
First, log into your Account Center. You will automatically be prompted with a notification if there are any active IP bans:
Clicking on the UNBLOCK button will tell our systems to remove the block on the respective IP and you will be able to access services from that IP once more. This usually takes 5-10 minutes to take effect.
IP bans are often the result of mail clients (Outlook, Mac Mail, Thunderbird, etc.) with bad information that repeatedly attempt to log into a mail server. If you have recently changed an email address password, you will need to update it on all clients using that address (home pc, phone, work stations, etc.) Also, we ask that you verify that your mail clients are using the proper email access domain. For help locating this, please navigate here. Once you have verified your access domain, verify your email credentials by logging into webmail.
- If you see a Contact Support link under the "Resolution" column, this means an administrator manually blocked traffic from that IP. This can be for a number of reasons including abuse of our servers. For this case, you will need to open a support request to have the block removed.
- If you see an IP address on this list that is not one that belongs to you, it may be possible that someone is attempting to access your account. Fortunately, in these cases, the system will do its job and stop unwanted login attempts.
- If you do not request an IP to be unblocked, it will still eventually expire. The "Block End Date" column specifies the date at which the IP ban will be automatically removed. No action is required on your part for this system to work as intended.
- When an IP is banned, it only blocks traffic going to/from that specific IP. This features does NOT suspend or impede your hosting services in any way for others. As far as everyone else can see, your website and all its services are operating normally.
- You can determine which IP address you are currently using by going to http://www.whatismyip.com/.