Announcement

Collapse
No announcement yet.

Immunify May Be Blocking Me at my Web Host

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Immunify May Be Blocking Me at my Web Host

    Hello, I am looking for some help.

    My hosting provider uses Imunify360. About a month ago, I started getting problems with my logins to sites hosted as well as email accounts.

    Sporadically I get no response when retrieving email, When this happens, I log into any site or the control panel for this account. I get a screen like this and after about 10 seconds, it lets me into the site and everything works perfectly (for a while).



    Click image for larger version

Name:	Screenshot 2024-09-25 164001.png
Views:	190
Size:	37.8 KB
ID:	40280

    My hosting provider can not seem to find any problem and suggests that I contact my ISP.

    One thing to note is that when my email is locked out, I can access it normally when I connect through a different method like wifi email. Everything though my ISP provided IP acts the same with the unwanted behavior. I can also connect normally through my VPN.

    I have tried a lot of troubleshooting steps like new IP, removing software, different email clients. Same thing happens on PC and Apple platforms.

    My current thinking is this:

    I have 8 email accounts that my email client checks. I am wondering if Immunify thinks this is a DOS attack.

    Does anyone have any ideas about this? Is there a log that the web hosting can look at or a setting that should be tweaked?

    Any help with this would be appreciated.

    Thanks!​

  • #2
    Hello Rick,

    The message on the screenshot you've shared is related to the SplashScreen verification (Anti-bot protection feature: https://docs.imunify360.com/features...bot-protection). Since after this page, you've been redirected to the website, there should be no blocking. From our official doc:
    If the challenge is solved by the browser successfully (a human user is not required to go through human confirmation - the process will pass under the hood), a user is redirected to the website, which means that the access is unblocked and the IP address of this user is removed from the Grey List.
    Nevertheless, it would be good to check the Imunify360 logs for incidents triggered for your IP address to say more. They are accessible by root in the following file: /var/log/imunify360/console.log
    You can find an example of the incident here: https://cloudlinux.zendesk.com/hc/en...in-console-log

    Regarding the email access, it may be restricted only by the PAM feature of Imunify360: https://docs.imunify360.com/dashboar...ack-protection

    Your hoster can also find some helpful information regarding the PAM configuration below to tweak parameters for lock attempts:
    Now, brute force attacks are the most used in the world. Keep on reading to learn more about these attacks and how to forget about them with Imunify360.


    Comment


    • #3
      Thanks for the quick response - I will pass this on to my hoster and hopefully they will be able to sort it out.

      Comment


      • #4
        And to add to my last comment, a quick look at the log identified what I believe was the problem. So, I think have this solved. I'll keep a close eye on this and hopefully will not have to get back to you.

        Comment


        • #5
          I’m glad to know you’ve identified what’s the issue, Rick! If it’s something originating from Imunify360, we hope to get some details for forum’s users future reference

          Comment

          Working...
          X