IP lockout duration?

[Tony]

Last night I tried to login via SSH but was using the wrong username. After 2 tries (or was it three?) I got locked out of my site.

Now I'm wondering how long that specific Comcast pool IP will be banned? I can imagine one of my forum members getting it six months from now and both of us being totally puzzled why they can't connect.?

[Maxim M.]

We can remove the IP block upon your request at https://whbsupport.com

[Tony]

Hm. Does that mean the answer is that the pool addy is blocked forever, unless I open a ticket? I don't even remember now what the addy was.

[Helen K.]

You can check your local IP address here: ip.webhostingbuzz.com

Your IP will be permanently blocked for 10 SSH login failures.

[Tony]

Your IP will be permanently blocked for 10 SSH login failures.

Oh, definitely not. I thought it was 2, but it may have been 3. But no way was it 10!

[Matt R.]

It's an autoblock, set in the firewall config file. We can unblock you though, just drop in a helpdesk ticket.

[Tony]

We can unblock you though, just drop in a helpdesk ticket.

Without knowing what the IP was? Maybe not a bad idea to just unblock the entire Comcast pool. And any other public pool. It's not like a block of thie type will stop a hacker or anything.

[Matt R.]

You can get your ip at anytime from whatismyip.com

We're not going to unblock the entire Comcast pool. I don't want to think about how many zombied/trojaned/infected PCs there will be on Comcast users. No good hacker would ever use his own connection/ip.

[Tony]

You can get your ip at anytime from whatismyip.com

We're not going to unblock the entire Comcast pool. I don't want to think about how many zombied/trojaned/infected PCs there will be on Comcast users. No good hacker would ever use his own connection/ip.

I can, but it's not my IP that was locked out. It's the one I was using the other night when I had the brainfart.

I'm not sure I follow your reasoning re: public IP pools. You rightly point out that if a hacker used one it's not likely to be their own, but then you want to keep banning them one by one? Over time this could create an awful lot of trouble, and as you say won't slow down any true hacker at all.

[Matt R.]

It's more of an immediate preventative action instead of trying to build up a definitive blacklist. If the hacker suddenly finds himself blocked (or realises he only gets 10 attempts per IP to try and crack the password), he's quickly going to move on to an easier target.

[Tony]

Oh, no question there has to be an auto-ban in place, even if it does only take a minute to get around it. Again, my concern is that these IPs should be removed from the ban list automatically after a period, since they are public pool IPs and will be reassigned to someone else shortly. Who knows how many members we may have lost because they couldn't see our site?

I mean, if a tanker explodes on the freeway tomorrow morning, we'll block off the road for a while. But if we kept blocking off public roads permanently, after a while there would be no place to drive.

Sorry if I sound like I'm obsessing. AFAIK I doubt I cause more than one IP a year to get banned.

[Valery M.]

Hi,

All the IP blocks due to any login failures (ftp, e-mail, cPanel, SSH and so on)are permanent and can be removed only on a request to our support team. The IP block related to connection tracking is removed automatically within an hour.

Your site will be unavailable only from the IP which is actually blocked at the moment, it will be available from all the other locations. I mean if it's your office and someone accidentally blocked it, then the whole office won't be able to see the site but all the other visitors will be. And once again this block can be easily removed by contacting us and submitting an unblocking request.