Skip to content
Help Center

The server has blocked my IP. Why?

Sometimes a user cannot access from home, the office, or a specific network, but can still access from other locations. In those cases, our firewall may have blocked the IP.

Sometimes a user cannot access the service from home, the office, or a specific location, but can still access it from somewhere else.

In that kind of situation, the most likely explanation is that the firewall on our servers has blocked your IP address.

Why is an IP blocked?

Basically to protect the server and the websites hosted on that machine. An IP is blocked when it is considered a threat.

Why was my IP considered a threat?

In most cases, it happens because of repeated failed connections to one of the services, such as FTP, email, or cPanel.

Here is a typical example of a blocked user:

Time: Fri May 16 23:30:14 2014 +0200
IP: 186.3.208.100 (EC/Ecuador/-)
Failures: 7 (smtpauth)
Interval: 86400 seconds
Blocked: Temporary Block (IP match in csf.allow, block may not work)

Log entries:

2014-05-16 22:45:05 dovecot_plain authenticator failed for ([192.168.0.111]) [186.3.208.100]:34473: 535 Incorrect authentication data (set_id=info@xxxxx)
May 16 22:45:12 us30 dovecot: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<info@xxxx>, method=PLAIN, rip=186.3.208.100, lip=69.64.48.59, TLS, session=<OcsXfYr5BQC6A9Bk>
2014-05-16 23:00:05 dovecot_plain authenticator failed for ([192.168.0.111]) [186.3.208.100]:56948: 535 Incorrect authentication data (set_id=info@xxxx)
May 16 23:00:12 us30 dovecot: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<info@xxxx>, method=PLAIN, rip=186.3.208.100, lip=69.64.48.59, TLS, session=<8q69sor5sgC6A9Bk>
2014-05-16 23:15:05 dovecot_plain authenticator failed for ([192.168.0.111]) [186.3.208.100]:39386: 535 Incorrect authentication data (set_id=info@xxxxx)
May 16 23:15:12 us30 dovecot: imap-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<info@xxxxx>, method=PLAIN, rip=186.3.208.100, lip=69.64.48.59, TLS, session=<3O9h6Ir53QC6A9Bk>
2014-05-16 23:30:04 dovecot_plain authenticator failed for ([192.168.0.111]) [186.3.208.100]:57003: 535 Incorrect authentication data (set_id=info@xxxx)

As you can see, the user was repeatedly trying to access the IMAP service with the wrong password. The server treated the behavior as a threat and blocked the IP to protect the domain owner from brute-force attempts.

What should I do?

Blocks are usually released automatically every 10 minutes. That means you should do two things:

  1. Fix the problem that caused the block.
  2. Wait for the block to expire.

What if I do not know the cause?

Write to us with your IP address and we will send you the report with an explanation of why the block happened.

How do I know my IP?

You can find it by visiting any reliable "what is my IP" service.

What if I need urgent access?

In that case, contact us by chat or phone and one of our technicians can review an urgent manual unblock.

Important note: we can only process these requests for clients whose hosting service is actually hosted on our servers.