wolstech

Unsuspended. Please fix the load issue quickly. I noticed you're using Wordpress...which is famous for causing high load due to how badly coded it is. Try reducing the number of extensions your using to see if it helps.

Technically yes, but I'm not too worried about it assuming it's for a team project as you said, and can understand why you'd want a separate one for the team vs. just yourself. Just be sure to delete the team account when you're finished with it.

Yeah, it's definitely stuck suspended...it's suspended for me too, even though it says it shouldn't be. Manually suspending and unsuspending again didn't help... Let's see what Krydos says.

Your account is suspended for two reasons. First, you caused high load, and second you have more than one account... You're only allowed one account. Is this the one you wish to keep? If so, I'll just unsuspend it and consider it a high load suspension. If not, which one do you want to keep?

We don't understand what you need because of your broken English and failure to answer our questions. Have you tried adding it in cpanel? What error message do you get? Can you not sign into the server at all? Please answer these questions so we can figure out what needs to be done. Just saying you can't add it doesn't tell us anything useful.

This is intentionally not supported on Johnny. The autossl service both increases load and has a limit on the number of certs it can handle. With Johnny being older hardware designed for unlimited accounts, autossl would quickly become unusable due to rate limiting anyway, and would also cause load associated with all those ssl installations, many of which would probably never even be used (we get tons of Johnny accounts that are created and never used...) Please instal your own certificate or move back to Ricky or Tommy if you need ssl.

@Krydos: These ranges are the ones I've been seeing a lot over and over again. All of the blocked IPs in these ranges just say failed cPanel login. 141.101.64.0/18 - UK162.158.0.0/15 - Germany172.64.0.0/13 - Country of origin varies (I see US and Hong Kong in the list now)Bold is the ones that most often end up blocked. He's posting from Israel according to his forum posts, but I think I've seen him post with a UK IP as well. Note that when he's blocked, it still works fine for the USA. (Seen here: https://www.cloudflare.com/ips/)

Krydos can enable this for you. Moving so he sees this.

Yep. That account no longer exists due to the rebuild. Please refer to the link ashflazr posted for instructions to get your content backup downloaded and sign up again.

Unsolved. Let's see if Krydos can do something about this.

Sub accounts cannot log into cpanel. They're for FTP accounts only, and should access the server using plain unencrypted ftp on port 21. Unblocked.

I have used eu.org some time back. At that time, it was necessary to have name servers configured for the domain prior to making a domain request. However, they seem to be allowing registration without pre-configured domain servers now. Good to know they did away with that. The practice was nonstandard and was incompatible with just about every cpanel-based host out there, which is probably why they changed. Now if only registro.br would do this...(they're the one we usually hear about when this issue comes up).

Correct. We do not use or support HSTS. If the website needs to force SSL, you must add an exception for the .well-known folder in the .htaccess file. This folder must be accessible over unsecured http or the certs will not issue. WHM is for root admins only. That will never work for you and would only serve to get your IP address blocked for failed logins. Also, be aware that certificates take up to 24 hours to issue after a domain is added and configured correctly.

Sent.

You can't create additional cpanel accounts. Those are for FTP only, and they need to access their account using plain FTP on port 21 (SFTP will not work for sub accounts).

Correct.

If you haven’t already received it from another admin, I can send this later tonight when I’m home.

That's odd... Lets see if Krydos knows.

The block does expire on its own already when the IP falls off the bottom of the block list. Right now that takes just over a week. The next one to expire is from 5/25, so 9 days. Whether we could make these expire sooner is a good question.

Forgot about that. Yeah, it definitely helps in that scenario. CF will stand there and take abuse all day long...our servers just fall over. I personally use it since I have domains that need more some of the more advanced DNS types than what cP offers.

What happens when you just add it as an alias or an addon domain? Is there an error you are getting?

The first time you deploy a war with a new file name, it takes until the next Apache restart to actually start working, and shows a 404 until then. Have you waited a few hours after deploying?

Yep, someone hiding behind CF is hammering away at cPanel. Its worth noting that CF offers app hosting too, so it could be malware that someone made and is using CF to run. Similarly, it could be someone beating on cPanel through a domain that’s protected by CF. Every domain hosted on a server can access cPanel via port 2083, so its a matter of flooding such a domain with POST requests (actually trying to view cP through such a domain should redirect to the server domain). TL;DR: someone is causing CF’s servers to send us bad login attempts. It could even be multiple people considering the limit is only 5 tries in an hour...

It just shows them as Failed cPanel Login, which means someone connected to a site through CF is entering bad usernames and passwords. It could be anybody that region of thje world, accessing any site that has CF on it. Doesn't even need to be your account being hit since all the traffic comes from the same source in our eyes. At the end of the day, CF basically amounts to a really large distributed caching reverse proxy...the firewall is so basic that it has no understanding of such things and thinks its just seeing a user from the internet at large, not a network with hundreds of thousands of users that ultimately share an IP address when it comes to visiting your site.

I unblocked the UK, France, and Poland data centers again (same ones that were blocked last time). They're getting blocked for bad passwords against cPanel. I'm not sure why, but it's always these 3 data centers. Most blocks are from the 162.158.0.0/15 range. You're on Tommy anyway, is there a reason you need CF? The performance should be just fine without it. Johnny and Ricky users are the ones who really benefit most from using CF...