Difference between revisions of "Security/Ban Control"

From WHMCS Documentation

m (Auto Ban Control)
(Banning IP Addresses)
Line 1: Line 1:
==Banning IP Addresses==
+
==Banning IP Addresses==79.103.73.250
 
With WHMCS, it is possible to ban an IP address from accessing your entire WHMCS system.
 
With WHMCS, it is possible to ban an IP address from accessing your entire WHMCS system.
  

Revision as of 16:36, 30 April 2009

==Banning IP Addresses==79.103.73.250 With WHMCS, it is possible to ban an IP address from accessing your entire WHMCS system.

Managing Banned IPs

To view all the banned IPs in your system, go to Configuration > Manage Banned IPs. You will then see the IP numbers that are banned, the reason for that ban, and the date/time the ban expires. You can delete IPs from the ban list that have been banned in error using the red delete icon to the right of the line.

Adding a New Banned IP

To add a new banned IP, click the Add tab near the top of the page. The add options will then be displayed where you can enter the IP you want to ban, the reason for banning it and the date/time the ban should expire. Once complete, click the Add Banned IP button to ban the IP. The change will take effect immediately.

Searching Banned IPs

To search for a banner IP, click the Filter tab near the top of the page. You can then filter the list of banned IPs by IP or reason to locate specific IPs you wish to un-ban.

Banning Email Domains

With WHMCS it is possible to ban email domains from signing up. This is useful if you want to block customers signing up using free email accounts.

To enable this feature, simply go to Configuration > Manage Banned Emails. You will then see a list of all the currently banned email domains and the number of times a customer has attempted to signup using them.

To add a new banned email domain, click the Add tab at the top of the page and then enter the email domain you wish to ban, for example "hotmail.com".

Auto Ban Control

WHMCS by default blocks any users IP who attempts to login to the admin area with a valid username and incorrect password three times or more. The length of this ban by default is 15 minutes and is designed to prevent hackers being able to endlessly try different password combinations in order to gain access to your admin area. You can however alter the length of this ban to increase or decrease it by going to Configuration > General Settings > Other > Exceeding Invalid Login Attempts Ban Time