Why Is Your IP Address Blocked?

In this article, we will discuss how and why a VPS server or Dedicated server might block an IP address and how to resolve it.

When your company hosts a website or web app online, whether it’s an individual dedicated server or a whole server cluster, you naturally expect to have uninterrupted access at all times. However, it’s possible that in rare circumstances, your server could accidentally block your IP and prevent you from connecting and using the service.

If that has happened to you, this quick summary will provide you with all the essential information needed to verify the status of your IP. Additionally, we will offer some of the most common reasons for being blocked, as well as a few suggestions on how to unblock and whitelist your IP as quickly as possible.

How Does IP Address Blocking Work?

IP-based blocking creates barriers in a network that block all traffic to or from a set of IP addresses. This approach to blocking content doesn’t directly block content but traffic to known IP addresses associated with some content or an application. IP-based blocking is also accomplished by software on users’ computers, typically for network security purposes.

IP Address Blacklisting

IP blacklisting is a method of filtering illegitimate or malicious IP addresses from accessing networks. A list called a blacklist is created of the IPs desired for blocking and may contain individual or a range of IP addresses. Cybersecurity personnel typically use blacklists with intrusion prevention systems (IPS), firewalls, and other traffic filtering tools to filter malicious traffic according to policies or by manually adding specific IP addresses.

How Do I Know If My IP Is Being Blocked?

To confirm you are blocked from accessing your server, you should try to log in to your web server, as usual, to see what kind of connection error message you’re getting. This error will often provide a specific reason that your IP has been blocked.

In case the error message is vague or unspecific, you can also ping your server for more information.

Ping A Server on Windows

1. Open a Command Prompt (Press Windows+R to open a “Run” box.)
   
2. Type “cmd” in the run box and then press Ctrl+Shift+Enter which will open a verification popup asking if you would like to allow the cmd application to make changes to your device.
   
3. Click yes to open the Administrator Command Prompt.

Next, type in the “ping” command followed by your server’s IP address, and then press Enter

Ping A Server on A Mac

1. Open Spotlight and search for Network Utility
   
2. Switch to the Ping tab
   
3. Enter your server’s IP and click ping.

Additionally, you can ping the server’s IP with an externalmonitoringtool to see whether it’s accessible from other locations. We can also check the operational status of the Liquid Web services at the website.

If your server is accessible to others, you could try logging in using a VPN until your IP block is lifted. You might wonder why the server blocked your IP in the first place? There can be a few reasons for this issue, that will mainly be related to either trying to log in using incorrect credentials, or possibly having your IP associated with spam or malware-like behavior.

Failed Web Login Attempts

The most common scenario for getting blocked by your server is trying to log in too many times too quickly or with incorrect credentials. Most servers have a time limit placed for the number of login attempts. So if you find yourself mistyping the username and password several times, it would be better to reset your password rather than risk getting blocked.

The reason that IP blocking options exist, is to prevent access from unauthorized individuals. This service prevents more severe threats, such as hackers or other malicious individuals from gaining access to your information. If the number of login attempts wasn’t restricted, someone could potentially orchestrate a brute-force attack against the server. This type of attack illustrates how an attacker could try to connect to your login, via a continuous process of trial and error of random username/password combinations. Since most modern web hosting providers have a brute-force monitoring option in place, it could be triggered by your actions as well.

Incorrectly Configured Mail Client

Your web-based mail server has similar brute-force protection in place, which turns on when it detects a specific large number of frequent, unsuccessful login attempts. The problem, however, could be in the IMAP or POP3 configurations of your email client.

Having an error in the stored login credentials or if using SMTP validation, for example, (which doesn’t prevent the software from trying to reach out to the server on the web), could result in the connection attempt being blocked as well.

Misconfigured FTP or SSH Access

Your server not only screens the login attempts to cPanel and the mail server, but it also monitors FTP and SSH connections. There is generally more room for error when logging in through an FTP client since it requires a bit more information than your regular web login. At a minimum, besides your regular username and password, you need to specify the hostname or IP of your server, and the correct port (21 for FTP, and 22 for SFTP, unless an alternative port is being used).

The SSH accessconfiguration is often the most tricky. If you are not sure whether you’re using the correct command in the CLI (Command Line Interface or Terminal), you can contact Liquid Web support at your web hosting company for a walkthrough.

[root@host ~]# ssh root@67.225.133.134
root@67.225.133.134's password:
Permission denied, please try again.
root@67.225.133.134's password:
Permission denied, please try again.
root@67.225.133.134's password:

Spam or Malware Protection

In the unlikely event that someone does gain unauthorized access to your server, their actions are still being monitored for any suspicious activity through a list of rules specified in the ModSecurity module.

As soon as any malware-related activity is detected or your mail server or is being flagged for sending too many email messages, your IP will automatically be added to a blacklist.

Steps To Unblock Your IP Address

The first step to resolve a blocked IP is to submit a support request to Liquid Web with the blocked IP address (which you can look up online). At Liquid Web, we respond to your phone and chat support requests in less than a minute, but if you need a quicker response, there are alternative options that you can try to gain access promptly. These include using your Manage interface;

Or using the CSF interface within WHM.

As noted earlier, you can also try logging in with a different IP, whether that’s from a different physical location (e.g., home instead of an office) or through a VPN client. Once connected, verify that your login credentials are correct, or if not, you can always reset your password. If, for some reason, you are unable to gain access to the server or don’t hear back from our support team right away, you can try to access the server using your regular IP after 15-30 minutes since most IP blocks only temporarily prevent access.

Conclusion

Being blocked from accessing your server, while a definite inconvenience, provides a needed function as the benefits decidedly outweigh the drawbacks. We learned how to test, verify and remedy a blocked IP address. both in Manage and in CSF.

Should you have an issue like this crop up and you are experiencing problems in delisting your IP, give us a call at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable systems administrators to have this concern addressed right away! Liquid Web also offers a variety of other managed hosting services, such as VMware hosting and cloud dedicated hosting. Call us today!