One of the security measures employed by our system is to block an IP address automatically if a potentially nefarious pattern of activity is seen coming from an IP.
95% of the time an IP is blocked because someone is using that IP to look for vulnerabilities on the site. When our system recognizes this pattern of activity, the IP is automatically blocked. The other 5% are false positives triggered by one of the actions listed below - generally attempting to login to some portion of the system using incorrect credentials.
- 10 failed attempts at logging in within 1 hour
- 10 failed attempts at logging in to an email account within 1 hour
- 5 failed attempts at sending an email using the domain name
- 5 failed attempts at logging into cPanel within 1 hour
- 5 failed attempts at logging in through SSH within 1 hour (SSH is a command-line server interface which would typically only be used by a developer or server administrator)