Difference between revisions of "Security/Ban Control"

From WHMCS Documentation

(Auto Ban Control)
Line 4: Line 4:
 
===Managing Banned IPs===
 
===Managing Banned IPs===
  
To view all the banned IPs in your system, go to '''Setup > Other > Manage Banned IPs'''.  You will then see the IP numbers that are banned, the reason for that ban, and the date/time the ban expires.  You can delete IPs from the ban list that have been banned in error using the red delete icon to the right of the line.
+
To view all the banned IP addresses in your system, go to '''Setup > Other > Manage Banned IPs'''.  You will then see the banned IP addresses, the reason for that ban, and the date and time at which the ban expires.  You can delete IP addresses that have been banned in error from the ban list using the red delete icon to the right of the line.
  
 
===Adding a New Banned IP===
 
===Adding a New Banned IP===
  
To add a new banned IP, click the Add tab near the top of the page.  The add options will then be displayed where you can enter the IP you want to ban, the reason for banning it and the date/time the ban should expire. Once complete, click the Add Banned IP button to ban the IP.  The change will take effect immediately.
+
To add a new banned IP address, click the Add tab near the top of the page.  The add options will appear. You can enter the IP address you want to ban, the reason for banning it, and the date and time at which the ban should expire. Then, click the Add Banned IP button to ban the IP address.  The change will take effect immediately.
  
The last two blocks accept wildcards to enable IP ranges to be blocked, for example 189.123.789.* or 189.123.*.*
+
The last two blocks accept wildcards to enable you to block IP address ranges (for example, 189.123.789.* or 189.123.*.*).
  
 
===Searching Banned IPs===
 
===Searching Banned IPs===
  
To search for a banner IP, click the Filter tab near the top of the page.  You can then filter the list of banned IPs by IP or reason to locate specific IPs you wish to un-ban.
+
To search for a banned IP address, click the Filter tab near the top of the page.  You can then filter the list of banned IP addresses, by IP address or reason, to locate specific IPs you wish to un-ban.
  
 
==Banning Email Domains==
 
==Banning Email Domains==
  
With WHMCS it is possible to ban email domains from signing up.  This is useful if you want to block customers signing up using free email accounts.
+
With WHMCS, you can ban email domains from signing up.  This is useful if you want to block customers from signing up using free email accounts.
  
To enable this feature, simply go to '''Setup > Other > Manage Banned Emails'''.  You will then see a list of all the currently banned email domains and the number of times a customer has attempted to signup using them.
+
To enable this feature, go to '''Setup > Other > Manage Banned Emails'''.  You will then see a list of all the currently banned email domains and the number of times a customer has attempted to sign up using them.
  
To add a new banned email domain, click the Add tab at the top of the page and then enter the email domain you wish to ban, for example "hotmail.com".
+
To add a new banned email domain, click the Add tab at the top of the page and then enter the email domain you wish to ban. For example, "hotmail.com".
  
 
==Auto Ban Control==
 
==Auto Ban Control==
  
WHMCS by default blocks any users IP who attempts to login to the admin area with a valid username and incorrect password three times or more. The length of this ban by default is 15 minutes and is designed to prevent hackers being able to endlessly try different password combinations in order to gain access to your admin area.  You can however alter the length of this ban to increase or decrease it by going to '''Setup >> General Settings >> Security tab >> Failed Admin Login Ban Time'''.
+
By default, WHMCS blocks any user IP addresses that attempt to log in to the admin area with a valid username and incorrect password three or more times. The length of this ban, by default, is 15 minutes. This helps to prevent hackers from endlessly trying different password combinations in order to gain access to your admin area.  You can alter the length of this ban by going to '''Setup >> General Settings >> Security tab >> Failed Admin Login Ban Time'''.
  
To '''disable IP banning''' for failed admin logins set this value to 0. No ban will ever be attempted and the user will be able to continue retrying login endlessly. For this reason we recommend a minimum value of at least 1.
+
To '''disable IP banning''' for failed admin logins, set this value to 0. The system will never attempt to ban IP addresses and the user will be able to continue to attempt to log in endlessly. For this reason, we recommend a minimum value of at least 1.

Revision as of 20:38, 11 May 2020

Banning IP Addresses

With WHMCS, it is possible to ban an IP address from accessing your entire WHMCS system.

Managing Banned IPs

To view all the banned IP addresses in your system, go to Setup > Other > Manage Banned IPs. You will then see the banned IP addresses, the reason for that ban, and the date and time at which the ban expires. You can delete IP addresses that have been banned in error from the ban list using the red delete icon to the right of the line.

Adding a New Banned IP

To add a new banned IP address, click the Add tab near the top of the page. The add options will appear. You can enter the IP address you want to ban, the reason for banning it, and the date and time at which the ban should expire. Then, click the Add Banned IP button to ban the IP address. The change will take effect immediately.

The last two blocks accept wildcards to enable you to block IP address ranges (for example, 189.123.789.* or 189.123.*.*).

Searching Banned IPs

To search for a banned IP address, click the Filter tab near the top of the page. You can then filter the list of banned IP addresses, by IP address or reason, to locate specific IPs you wish to un-ban.

Banning Email Domains

With WHMCS, you can ban email domains from signing up. This is useful if you want to block customers from signing up using free email accounts.

To enable this feature, go to Setup > Other > Manage Banned Emails. You will then see a list of all the currently banned email domains and the number of times a customer has attempted to sign up using them.

To add a new banned email domain, click the Add tab at the top of the page and then enter the email domain you wish to ban. For example, "hotmail.com".

Auto Ban Control

By default, WHMCS blocks any user IP addresses that attempt to log in to the admin area with a valid username and incorrect password three or more times. The length of this ban, by default, is 15 minutes. This helps to prevent hackers from endlessly trying different password combinations in order to gain access to your admin area. You can alter the length of this ban by going to Setup >> General Settings >> Security tab >> Failed Admin Login Ban Time.

To disable IP banning for failed admin logins, set this value to 0. The system will never attempt to ban IP addresses and the user will be able to continue to attempt to log in endlessly. For this reason, we recommend a minimum value of at least 1.