Is the Server Down? I Can’t Log in or Connect

Are you unable to connect to your cPanel server to send or receive email, log into cPanel or WHM, or make an FTP or SSH connection?

Are you able to view your website in your browser? If not, and the connection simply times out, it’s possible that your IP address has been blocked by the server’s firewall. Typically, this is the result of too many failed logins (through cPanel, SSH, FTP, email, etc.) in too short a period of time.

To confirm whether that may be the case, you can test your site via a web service such as Down For Everyone Or Just Me (enter the URL of your website into the search field on the page) to see whether the site appears down for everyone else, or try to visit your website via another network, such as from a phone or tablet over its cellular connection after disabling wifi on the device.

If an IP block is suspected, it can easily be removed. If you have a Dedicated, Storm, or VPS server, and your server is running the CSF firewall, you can unblock the IP address directly from your Manage dashboard. If not, we can log into the server on your behalf, search the firewall for your IP address, and unblock it. Similarly if you’re able to confirm that your IP is not blocked, we can search the server logs for any specific errors associated with your connection attempt, or investigate any possible network issues between your physical location and the server’s that could be preventing you from accessing it.

To speed up that process, when opening a ticket, calling, or chatting in with your support request, please try to include your public IPV4 IP address (which you can obtain here) so that a support technician can help resolve the issue as quickly as possible. Please also include any error messages displayed in your browser (or email, FTP or SSH client) when attempting to connect.

Most Common Support Requests

As you might expect, most support requests on managed cPanel servers fall into a few basic categories. What you might be surprised to discover is that many common problems can be resolved by following a few simple steps.

None of the common cPanel support requests listed here are server-critical issues that require an experienced system administrator to troubleshoot and resolve, and we recognize that many of our customers are curious about their servers and actively engaged in learning more about cPanel server administration.

To that end, we’ve gathered together some of our Most Common Support Requests, and we’re sharing them with you here — along with their solutions.

Should you find yourself experiencing one of these common issues, you’ll know exactly what to expect when contacting our Heroic Support® team. And while you certainly are welcome to try to resolve the issue yourself, remember that we are here to assist you 24 hours a day, seven days a week, 365 days a year.

These articles should hold the answers to a number of common questions and, if you are so inclined, provide you with the tools and resources to resolve some non-critical issues on your own. And should you ever find yourself in need of assistance with any issue, please do not hesitate to contact Heroic Support®.

How to Open a Port in CSF with WHM/cPanel

The Config Server Firewall offers several advantages over the Advanced Policy Firewall, including more robust protection against Denial of Service, SYN flood and other common attacks.

But one of its most appealing features is its plugin for WebHost Manager that allows you to quickly access firewall settings and common tasks through a graphical interface.

Pre-Flight Check

  • These instructions are intended specifically for opening (and closing) ports in the CSF firewall via WHM.
  • If you want to open or close a port in APF or CSF from the command line over SSH, see http://www.liquidweb.com/kb/opening-ports-in-your-firewall/.
  • If your server currently uses APF but you’d prefer CSF, contact Heroic Support® and request a switch. There is no charge, it typically takes only a few minutes, and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Step #1: Open the Firewall Management Page

  1. Once logged in to WHM, you will find the CSF interface under the Plugins section in the left menu.
  2. Click on ConfigServer Security&Firewall or begin typing “firewall” into WHM’s search box at the top left to quickly locate the link.

Step #2: Open Firewall Settings

  1. On the ConfigServer Security & Firewall page, click the Firewall Configuration button to enter advanced settings.

csfeditconfig

Step #3: Manage Ports

    1. On the Firewall Configuration screen, scroll down to the IPv4 Port Settings section.
    2. You will be editing the fields in the Allow incoming TCP ports and Allow outgoing TCP ports sections.

ports2

    • To allow incoming connections to a port, add the number to the TCP_IN = field.
    • To block incoming connections to a port, remove the port number from the TCP_IN = field.
    • To allow outgoing connections from a port, add the port number to the TCP_OUT = field.
    • To block outgoing connections from a port, remove the port number from the TCP_OUT = field.

Step #4: Save Changes and Restart the Firewallrestartcsf

  1. Scroll all the way to the bottom of the Firewall Configuration page and click the Change button to save the settings.
  2. After saving the settings, you will be given the option of restarting the firewall or returning to the settings page to continue editing. Since your changes will not take effect until the firewall is restarted, you will need to click the Restart csf+lfd button to apply the new settings.

Tip: Also Check Storm® Firewall Settings

Storm® Dedicated and VPS customers also have access to a separate Storm® Firewall.

If you are using the Storm® Firewall and have configured it to use advanced settings, you will want to ensure that the ports you’ve changed in WHM also are changed there.

  1. You can access your Storm® Firewall settings from Manage. After clicking on your server name, navigate to the Network section and select the Firewall tab.
  2. If it’s active and using advanced settings, you will need to replicate your port rule in the Storm® Firewall interface to ensure traffic can reach the port.
  3. Find more information and detailed instructions for managing the Storm® Firewall at How to Configure a Storm Firewall.

Find Detailed Information in Our Knowledge Base

To learn how to unblock an IP address via the command line, visit:

 

How To Set up Email in Outlook 2016

Pre-Flight Check

 

Step #1: Add or Edit the Email Account

  1. Account Information screenTo set up a new email account, click the File tab and then click Add Account.
  2. If you’re modifying the settings on an existing account already configured in Outlook, click on Account Settings and then click on Change settings for this account or set up more connections and skip ahead to Step #4: Modifying an Existing Account.

 

Step #2: Manual Setup for a New Email Account

  1. Select the radio button for Manual setup or additional server types.Add Account Setup screen
  2. Then click Next.

 

Step #3: Select Email Account Type

  1. Select the radio button for POP or IMAP.Choose Service screen
  2. And then click Next.

 

Step #4: Modifying an Existing Account

  1. If you’re editing an email account that already has been configured in Outlook, click on the account name and then click on the Change button. Otherwise, skip ahead to Step #5: Configure General Settings.
    Account Settings edit
  2. To avoid data loss, please use caution any time you change an email account’s connection type or delete an email account. Removing an email account from a mail client also will remove all messages associated with it on the device and, specifically in the case of POP accounts that are not configured to retain mail on the server, there may be no way to recover those messages. If you have any doubt or questions, please contact Heroic Support® for guidance.
Note: You cannot edit an existing email account to switch its account type from POP3 to IMAP or vice versa. To change the account type, you must add a new account of the desired type (POP3 or IMAP) per the Add or edit the email account instructions above. Adding a new account with a different connection type should not require you to delete the old one in most mail clients.

Step #5: Configure General Settings

Non-SSL Account Settings

  • Your Name is your name as you want it to appear in emails that you send
  • Email Address should be the full email address
  • Account Type will be POP3 or IMAP, depending on your preference. For its ability to keep email in sync across multiple devices (desktop, laptop, phones and tablets), IMAP generally is recommended.
  • Incoming mail server
    • When using standard (non-SSL) settings, use mail.yourdomainname.com
    • When using secure (SSL) settings, use the server’s hostname (host.yourdomainname.com)
  • Outgoing mail server (SMTP)
    • When using standard (non-SSL) settings, use mail.yourdomainname.com
    • When using secure (SSL) settings, use the server’s hostname (host.yourdomainname.com)
  • User Name is your full email address, not just the part before the at symbol.
  • Password is the email account password.
  • Require logon using Secure Password Authentication (SPA) must not be checked. SPA is not the same as SMTP authentication, which is used on cPanel servers.

 

Step #6: Configure Outgoing Server Settings

  1. Click the More Settings button, and select the Outgoing Server tab.Outgoing Server Settings - SMTP Authentication
    • My outgoing server (SMTP) requires authentication should be checked
    • Use same settings as my incoming mail server should be enabled
    • Log on to incoming mail server before sending mail (POP3 only) should not be enabled. That setting applies only to servers configured to allow POP Before SMTP authentication, in which a successful login to retrieve mail allows a user from the same IP address to also send mail for a period of time. It is not compatible with servers requiring SMTP authentication.
  2. Now select the Advanced tab at the top of the More Settings window.

 

Step #7: Configure Ports and Encryption

  1. Fill in the Advanced settings using the images and instructions below.
  2. Once complete, click OK to return to the previous window.
Non-SSL Ports and Encryption
Advanced Internet E-mail Settings screens for email accounts using IMAP (left) and POP3 (right) connection methods over a standard (non-SSL) network connection.

Standard (Non-SSL) IMAP Settings

Standard (Non-SSL) POP3 Settings

  • Incoming server (IMAP) is port 143
  • Use the following type of encrypted connection is “None”
  • Outgoing server (SMTP) is port 25 (587 also can be used if needed)
  • Use the following type of encrypted connection is “None”
  • Incoming server (POP3) is port 110
  • This server requires an encrypted connection (SSL) is not checked
  • Outgoing server (SMTP) is port 25 (587 also can be used if needed)
  • Use the following type of encrypted connection is “None”

 

SSL Ports and Encryption
Advanced Internet E-mail Settings screens for email accounts using IMAP (left) and POP3 (right) connection methods over a secure (SSL) network connection.

Secure (SSL) IMAP Settings

Secure (SSL) POP3 Settings

  • Incoming server (IMAP) is port 993
  • Use the following type of encrypted connection is “SSL”
  • Outgoing server (SMTP) is port 465
  • Use the following type of encrypted connection is “SSL”
  • Incoming server (POP3) is port 995
  • This server requires an encrypted connection (SSL) is checked
  • Outgoing server (SMTP) is port 465
  • Use the following type of encrypted connection is “SSL”

 

Step #8: Test Settings

Self-Signed SSL Popup

  1. Click the Next button to make a connection to the server and test the configuration.
  2. If you’re using SSL settings and your server has a self-signed (free) SSL certificate installed on the mail server, you may get a popup warning. If so, you will need to click the Yes button to accept the certificate and proceed. Alternatively, you may select View Certificate and then click Install Certificate on the next screen to install the certificate locally and prevent the notice on subsequent connections.
  3. Once you click Yes, Outlook will test the connection settings.
  4. When you see the success message, you’re ready to start using your email address with Outlook 2016.
Note: A self-signed certificate uses the same level of encryption as a verified certificate, except that it is you who are verifying your server’s identity, rather than a third party. However, if you would prefer to use a third-party verified SSL certificate to cover core services (cPanel/WHM, POP3, IMAP, SMTP and FTP) on your server, you can find instructions for ordering and installing an SSL certificate at Install an SSL Certificate on a Domain using cPanel, and you’ll find a guide to installing your certificate on email and other core server services at Installing Service SSLs in cPanel. Should you find that you need any assistance, please feel free to contact a Heroic Support® technician who can assist with obtaining and installing an SSL from the vendor of your choice.

Bonus for IMAP Users: Choose Which Folders to Display in Outlook

Select IMAP FoldersWhen connecting to your email server using the IMAP protocol, you have the ability to choose the specific mail folders to which you wish to subscribe.

To do so, right-click on your email account’s Inbox in Outlook 2016 (some older versions of Outlook may require you to right-click on the email address itself) and then select IMAP Folders from the popup list.

In the IMAP Folders window, click on the Query button in the top right of the window to get the current list of folders in your email account from your server.

Once the list has downloaded from the server , you will see each of your account’s folders on the server listed in the All tab, which should be selected by default, you will see a list of all the email folders in your account on the server. Folders to which you already are subscribed will appear with a folder icon, while folders to which you are not subscribed will have no icon next to their names.

Outlook 2016 IMAP folder Query

You can manage your folder subscriptions by clicking on the folder name in the All list and using the Subscribe or Unsubscribe buttons.

Once you’ve finished making changes, click the Apply button and then select OK if needed. It will take a few moments for the folder list to update in your Mail pane.

Note: When subscribing to filtered mail folders such as Spam or Junk, all the mail coming into those folders on the server also will be downloaded and synced to your selected local mail client as well. If you are using a metered Internet connection or have limited bandwidth, please be aware that the transfer of email does count toward your data usage. If you typically receive a large volume of such filtered mail, subscribing to spam and junk folders is not recommended. Please feel free to contact Heroic Support® if you need assistance filtering unwanted incoming mail.

Find Detailed Information in Our Knowledge Base

Learn how to create a new email address in cPanel at Creating Email Addresses in cPanel.
Find instructions to set up your email account in any email client at How to Set up any Email Client.
For detailed instructions to set up your email account in popular email clients, visit:

 

How to Manage the CSF Firewall in WHM/cPanel

Should you discover (or suspect) that a client or customer’s IP address has been blocked in the firewall, or you just need to open (or close) a port on your cPanel server, you may be able to quickly resolve the issue yourself if you have access to WebHost Manager and the ConfigServer Firewall (CSF).

If your server is using CSF, you will find its interface listed in WHM as ConfigServer Security&Firewall under the Plugins section in the left menu. You also can begin typing “firewall” into the search box at the top left to narrow down the choices.

Note: Should you find no such listing in WHM, feel free to request an upgrade from the APF firewall when contacting support. There is no charge, it typically takes only a few minutes and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Unblocking an IP Address in CSF

To determine whether an IP address is blocked, you can use the Search for IP button on the ConfigServer Security&Firewall page. Simply enter the IP address into the search field and click the button.

csfsearchforip

If the IP address is blocked, the reason for the block will be listed and an unlocked padlock icon will appear to the right of the blocked IP address. Clicking the padlock icon will unblock the IP in the firewall.

csfunblock

 

Allowing (Whitelisting) an IP Address

It is important to note that there are two components to the csf firewall, the firewall itself and the Login Failure Daemon (lfd).

To whitelist an IP address in the firewall (csf.allow), you can enter the IP address into the Quick Allow section, along with an optional comment for the allow (such as “Office network”), and click the Quick Allow button.

csfallow

When an IP address is whitelisted in CSF, it still can become blocked by lfd for abusive behavior such as multiple failed logins or repeated violation of certain modsecurity rules. This helps to mitigate the sort of brute-force attacks that could occur should a computer or device on the same network as a whitelisted IP address become compromised or infected with malware.

It is recommended to whitelist IPs only as necessary and, for a long-term solution, focus on resolving the issue which led to the block (such as incorrect login credentials). However, as a temporary measure while troubleshooting or otherwise working to correct the underlying issue, you can prevent an IP address from being blocked by lfd by adding it to the ignore list (csf.ignore).

That can be done using the Quick Ignore button on the ConfigServer Security&Firewall page.

csfquickignore

Blocked IP? Don’t Forget to Check cPHulk

WebHost Manager also includes the cPHulk Brute Force Protection module which, like the Login Failure Daemon component of the ConfigServer firewall, can block IP addresses (independently of the firewall) when they have repeated failed login attempts.

If you’re trying to unblock an IP address but no block is to be found in the firewall, you will want to check cPHulk as well. In WHM, you’ll find cPHulk Brute Force Protection listed under the Security Center section of the left menu.

On cPHulk’s History Reports tab, you can search for failed logins, blocked users, blocked IP addresses, or one-day blocks.

Removing a block is as easy as clicking the Remove Blocks and Clear Reports button.

cphulkclearblocksYou also can whitelist IP addresses, with an optional comment, under the Whitelist Management tab.

Please be aware that whitelisting an IP address here means that the IP address always will be able to attempt to log into the server. That could potentially present a security risk in the event that a computer or device on the same local network as the whitelisted IP becomes compromised or infected and uses brute force to try to gain protected access. For this reason, IP address whitelisting in cPHulk should be used sparingly and with caution.

Opening and Closing Ports in the Firewall

port1On the ConfigServer Security & Firewall page in WebHost Manager, click on the Firewall Configuration button to enter advanced settings.

On the Firewall Configuration screen, scroll down to the IPv4 Port Settings section, and locate the Allow incoming TCP ports and Allow outgoing TCP ports sections.

ports2

You will need to add the necessary port to the appropriate list (or remove a listed port to block it), then scroll all the way to the bottom of the page and click the Change button to save your settings and restart the firewall.

Port Still Unreachable? Check Your Storm® Firewall

If you have a Storm® server, you have access to an additional firewall which can be accessed via your Manage interface by clicking on your server’s dashboard.

You’ll find your Storm® Firewall settings under the Network section, on the Firewall tab. If you’ve enabled it with advanced settings, you will want to ensure you’ve opened the port there as well.

stormfw

To open a port when using the Advanced Firewall Configuration, click the Add Rule link, give it a Label and set the Destination Port, Protocol, and Action, then click the green button.

Repeat for any additional ports you’re opening (or closing) and then click the Apply Firewall Settings button to apply the settings and restart the firewall.

Find Detailed Information in Our Knowledge Base

 

Error: Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]

This error relates to logging into phpMyAdmin, an open source tool used for the administration of MySQL.

Once in awhile, perhaps on a Development server, MySQL won’t be setup with a root password. The aforementioned configuration is generally thought of as against best practices however, if it is what you’re dealing with, then it could also interfere with phpMyAdmin.

Pre-Flight Check

  • These instructions are intended specifically for solving the error: Login without a password is forbidden by configuration (see AllowNoPassword).
  • I’ll be working from a Liquid Web Self Managed Ubuntu 15.04 server, and I’ll be logged in as root.

The Error

The error will read “Login without a password is forbidden by configuration (see AllowNoPassword)” as shown below.

Error Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]

Continue reading “Error: Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]”