Friday, January 21, 2011

Beware: Too many invalid cPanel logins can cause you unable to see your site!

"Bro, we have a problem with the webmail," my client called me on one windy afternoon. "Can you help?"

"Sure! What's the problem?" I replied.

Client: "Can't go to the website. Internet Explorer said something wrong with the connection."

Me: "Other websites OK?"

Client: "Yep. Google, eBay, Facebook are all okay. Only 21watches.com webmail has problem."

Hmm.. perhaps the webmail server is having problem, I thought. But to make sure: "So you can still go to 21watches.com?"

Client: "Yep, I can go ther---oh hold on... No man, it's down too looks like. But yesterday was OK though."

Good, so everything on that site was down... except that it's NOT! I was on that website in that very second---using Firefox, in case the problem with my client was due to his IE misbehaving.

Me: "Perhaps your network guy did something bad? Like blocking your site by accident...."

Client: "No, he's on vacation since last week. Yesterday no problem, and nobody else has access to the router. Heck, nobody here even KNOW what is a router."

What a mystery... Anybody care to guess why?



So the following were the facts:

  • Except 21watches.com, browsing other websites are OK. However, on my PC---and I also tested on my cellphone---21watches.com could load without any problem. This means it's not website problem
  • No network/router configuration changes were made. Assuming no hacker intrusion---and what hacker wants to block ONLY 21watches.com anyway?---and only 21watches.com was affected, this means it's not network problem as well.
  • There was no problem the day before, and no changes were made on the website/hosting side, so something happened between yesterday and today must have caused this problem.

My guess was that somehow their IP got blocked by the hosting company. Not by their DSL provider, because it wouldn't make sense if they would only block 21watches.com. So off I went to test my theory: I remotely logged in to their router, used the router's diagnostic tool to do a traceroute to 21watches.com, and---gotcha! The tracert stopped at silvercore1.whbdns.com (207.210.114.166), which is the 'entry point' to the web hosting provider.

Oh well.. off I went, making one call to Namecheap to unblock it. Courious, I asked the reason of the block, and it was because of 5 login failures to cPanel within 5 minutes. Oh boy :(

One more call to close this case: to the client. I told him that somebody in his company tried to login to the website's cPanel unsuccessfully too many times, as well as the hosting's policy of IP blockage due to this issue. "Next time, let me know if you guys forget the password; I can help reset it. Don't guess too many times, or they will block you again," I said.

"Don't worry, it won't happen again. And I'll find out who did that this time for sure!" he said.

So the moral of the story is as always: Making one or two mistakes are understandable, but three is too many, and five I guess is too much. Especially if you're on Namecheap (and I think other hosting providers must also have similar restrictions), they will block you if you make invalid cPanel logins 5 times in 5 minutes.

There, keep that in mind.

And good luck to that person who did it that time. May my client spare your life....

Questions? Problems? Leave a comment and I’ll try my best to help.

No comments:

Post a Comment