WebFaction
Community site: login faq

I tried to connect to my web hosting account through SSH and fat-fingered the password three times in a row, and now I can no longer connect at all. It appears my "IP address might have been temporarily banned after several consecutive failed connection attempts" according to docs . How many days do these bans typically last?

asked 15 Jun '13, 22:02

pinop8's gravatar image

pinop8
1313
accept rate: 0%

You can open a support ticket to get unblocked. Additionally, I definitely suggest setting up an SSH key so that you don't need a password to log in. http://www.howtoforge.com/ssh_key_based_logins_putty

(15 Jun '13, 22:15) SethKinast SethKinast's gravatar image

The bans last exponentially longer with more and more failed login attempts from your IP address; the first ban lasts only about 10 minutes, but subsequent bans raise this length substantially, and at maximum the ban can last upwards of a week (although this is rare for legitimate users, it can be common for brute-force password-guessers).

As SethKinast mentioned, you can open a support ticket to request your IP be unblocked. Be sure to include the IP address you are connecting from in order to be sure that we check and unblock the correct IP.

Finally, also as mentioned, One effective method to prevent this from happening in the future is to utilize SSH keys. This way, even if your local private key is encrypted, multiple failed attempts at decrypting your private key will have no effect on the server (as it is a client-side operation).

Hope that helps!

permanent link

answered 15 Jun '13, 23:51

ryans's gravatar image

ryans ♦♦
5.0k42652
accept rate: 43%

edited 15 Jun '13, 23:53

I think there's a special case where someone forgot to change a permission of a private key then got an error "WARNING: UNPROTECTED PRIVATE KEY FILE!"... that could somehow invalidate the key login. Then user forgot the password when asked, it all fails and banned.

I think it's easier for us to have a little bit of control if we have a page where we can input IPs to be whitelisted.. OR just unblock IPs.

(27 Jul '16, 09:59) cliper cliper's gravatar image

If the permissions on the key are invalid, SSH would fall back to the next authentication mechanism and will ask for a password. The login will be invalidated only if the password is incorrect. In this case, the IP address will be blocked temporarily.

As for unblocking the IP addresses, users can always post a ticket, and a support operator will unblock the IP address.

(27 Jul '16, 10:15) dimitari ♦♦ dimitari's gravatar image

The strategy makes sense from a technical perspective, but it is extremely impractical to have an exponential lockout. I had an old password in my FTP client and it auto-retried a few times when I clicked connect and locked me out. Very inconvenient as I was trying to see if some malicious files were created in my account...I'm stuck here waiting for support to unlock me so I can go check the files and clean up as necessary.

A useful addition might be to allow unlocking from the Control Panel to reduce the reliance on support to handle these cases. An alternative may be to send an unlock email to the registered admin email address that an unblock the IP. The current design is very much lacking in sophistication and a byproduct is that it can promote the use of unsafe passwords to avoid mistakes or reduce the frequency with which users update their passwords to avoid these types of scenarios.

(11 May, 21:07) Charles Chen Charles%20Chen's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×100
×44
×37
×2
×1

question asked: 15 Jun '13, 22:02

question was seen: 8,327 times

last updated: 11 May, 21:25

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2016 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM