Difference between revisions of "Security/Ban Control"

From WHMCS Documentation
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
WHMCS allows you to ban IP addresses and email domains. You can also configure automatic bans for users who exceed the maximum number of failed login attempts.
 
WHMCS allows you to ban IP addresses and email domains. You can also configure automatic bans for users who exceed the maximum number of failed login attempts.
  
== Banned IPs and Email Domains ==
+
* You can view and manage the list of banned IP addresses at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[Banned IPs]]''' or, prior to WHMCS 8.0, '''Setup > Banned IPs'''.
 
+
* You can alter the length of automatic IP address bans in the '''[[Security Tab|Security]]''' tab at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > General Settings''' or, prior to WHMCS 8.0, '''Setup > General Settings'''.
You can view and manage the list of banned IP addresses at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[Banned IPs]]'''.
+
* You can view and manage the list of banned email domains at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[Banned Emails]]''' or, prior to WHMCS 8.0, '''Setup > Banned Emails'''.
 
 
You can view and manage the list of banned email domains at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[Banned Emails]]'''.
 
 
 
== Auto Ban Control ==
 
 
 
By default, WHMCS blocks any user IP addresses that attempt to log in to the admin area with a valid username and incorrect password three or more times. The length of this ban, by default, is 15 minutes. This helps to prevent hackers from endlessly trying different password combinations in order to gain access to your admin area.  You can alter the length of this ban by going to '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > General Settings > Security tab > Failed Admin Login Ban Time'''.
 
 
 
To '''disable IP banning''' for failed admin logins, set this value to 0. The system will never attempt to ban IP addresses and the user will be able to continue to attempt to log in endlessly. For this reason, we recommend a minimum value of at least 1.
 

Latest revision as of 19:46, 3 May 2022

WHMCS allows you to ban IP addresses and email domains. You can also configure automatic bans for users who exceed the maximum number of failed login attempts.

  • You can view and manage the list of banned IP addresses at Configuration () > System Settings > Banned IPs or, prior to WHMCS 8.0, Setup > Banned IPs.
  • You can alter the length of automatic IP address bans in the Security tab at Configuration () > System Settings > General Settings or, prior to WHMCS 8.0, Setup > General Settings.
  • You can view and manage the list of banned email domains at Configuration () > System Settings > Banned Emails or, prior to WHMCS 8.0, Setup > Banned Emails.
Retrieved from "http://3.17.75.209/index.php?title=Security/Ban_Control&oldid=32513"