We use ConfigServer Firewall (CSF) in many of our VPS and dedicated servers to easily manage firewall services.
CSF uses a login failure Daemon (LFD) to track large number of failed login attempts based on IP address to the server by watching logs. If more than a certain number of login failures happens from a particular IP address, the IP will be blocked temporarily and eventually permanently if it continues.
After the IP address is blocked, the individual connecting from that IP address will not be allowed to access to any of the services. Sometimes IP blocks happens false-positively and therefore you must remove some IP blocks. The best thing we can do here is, login to the server as root and run the below command:
csf -dr
replace "" with your IP address you need to remove the IP block.
If the IP is blocked temporarily you have to run the below command:
csf -tr
You have to restart CSF using the below command for the change to take effect
csf -r
Also if you want to find the reason behind the IP block, you can use the below command:
csf -g
You can also do the same from the WHM interface. Login into WHM as root and you will see ConfigServer Security&Firewall under the Plugins section in the left-hand menu. Open the interface, once you are in you will see a "Search for IP" button.
Enter the IP address into the search box and click on "Search for IP." In the reults you will be able to see the reason for IP block as shown below:
You can click the "Unblock IP address" button to unblock the IP address.
