Security/Ban Control

From WHMCS Documentation

Revision as of 08:55, 17 January 2017 by Chance (talk | contribs) (Auto Ban Control)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Banning IP Addresses

With WHMCS, it is possible to ban an IP address from accessing your entire WHMCS system.

Managing Banned IPs

To view all the banned IPs in your system, go to Setup > Other > Manage Banned IPs. You will then see the IP numbers that are banned, the reason for that ban, and the date/time the ban expires. You can delete IPs from the ban list that have been banned in error using the red delete icon to the right of the line.

Adding a New Banned IP

To add a new banned IP, click the Add tab near the top of the page. The add options will then be displayed where you can enter the IP you want to ban, the reason for banning it and the date/time the ban should expire. Once complete, click the Add Banned IP button to ban the IP. The change will take effect immediately.

The last two blocks accept wildcards to enable IP ranges to be blocked, for example 189.123.789.* or 189.123.*.*

Searching Banned IPs

To search for a banner IP, click the Filter tab near the top of the page. You can then filter the list of banned IPs by IP or reason to locate specific IPs you wish to un-ban.

Banning Email Domains

With WHMCS it is possible to ban email domains from signing up. This is useful if you want to block customers signing up using free email accounts.

To enable this feature, simply go to Setup > Other > Manage Banned Emails. You will then see a list of all the currently banned email domains and the number of times a customer has attempted to signup using them.

To add a new banned email domain, click the Add tab at the top of the page and then enter the email domain you wish to ban, for example "hotmail.com".

Auto Ban Control

WHMCS by default blocks any users IP who attempts to login to the admin area with a valid username and incorrect password three times or more. The length of this ban by default is 15 minutes and is designed to prevent hackers being able to endlessly try different password combinations in order to gain access to your admin area. You can however alter the length of this ban to increase or decrease it by going to Setup >> General Settings >> Security tab >> Failed Admin Login Ban Time.

To disable IP banning for failed admin logins set this value to 0. No ban will ever be attempted and the user will be able to continue retrying login endlessly. For this reason we recommend a minimum value of at least 1.