Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


[Need Review and Compare] Auto Unblock IP Tool for WHMCS
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

[Need Review and Compare] Auto Unblock IP Tool for WHMCS

UpResellerUpReseller Member
edited July 2012 in General

I really want to save times for our customers, so I decide to buy a few whmcs addons. Now it's time to choose Auto unblock ip address for WHMCS.

Any suggest?

I found it: http://www.autounblock.com/FullFeatureslist.php, but I have never use it. Any recommend?

Comments

  • jarjar Patron Provider, Top Host, Veteran
    edited July 2012

    I just can't see spending $49 on something that easy to do on your own, and I don't know that I'd want clients being able to remove IPs from my block list. They shouldn't be in it anyway.

    Thanked by 2Randy DanielM
  • flyfly Member

    when would you see a situation where you would want auto unblock ip address instead of manually reviewing each case?

  • HC_RoHC_Ro Member

    You want to use this to remove cphulk bans?

  • Useless.

    Thanked by 3Randy DanielM Infinity
  • RandyRandy Member

    you are wasting money 49 is alot

  • @Randy said: you are wasting money 49 is alot

    Its a lot for a stupid plugin.

    Thanked by 1Randy
  • I think this is not bad idea. I already seen it before with PacificHost. It saves time for our customers, because they don't need to ask for support to unblock their ips when did wrong password.

  • You already can set the ban length.

    image

  • @MrLadoodle: This is a plugin which connects to server, not by WHMCS unblock tool. :)

  • NickMNickM Member

    Doesn't that completely defeat the purpose of having a limit on wrong passwords? If you can just unblock yourself, it's not going to stop a brute force attack...

    Thanked by 1MrAndroid
  • MaouniqueMaounique Host Rep, Veteran

    Actually, a brute force attack is likely to be automated, this means if the IP is blocked the robot wont go to unblock it because it doesnt even know the IP of the panel. The user needs to login to the panel to do that.
    M

  • jarjar Patron Provider, Top Host, Veteran
    edited July 2012

    So one client can try to brute force another client to their heart's content. I guess if you trust your clients, including the ones you don't have yet...

  • MaouniqueMaounique Host Rep, Veteran

    Dont think so, they will have to have the credentials to login to the panel.
    M

  • jarjar Patron Provider, Top Host, Veteran
    edited July 2012

    It allows users to unblock an IP of their choice from csf via whmcs. So the client becomes immune to the firewall settings. Question is...do clients deserve this blanket privilege. If one client is trying to attack another client, they now have the freedom to brute force, with a minor inconvenience in the way. I guess if you give it out sparingly it could be a time saver, if you have a legit client who is bad at remembering passwords and doesn't use a static IP that you can just white list.

  • UnBlockMe recently went free and open source, you can get it from here:
    http://code.google.com/p/franksworld/downloads/detail?name=unblockme-2.0.zip&can=2&q=

    I took this version and completely rewrote it into a new free open source version, which you can get here:
    http://projects.serverping.net/projects/unblockip/wiki

    In my version you can set how many times a user can perform an unblock in a given time period to help prevent someone from using the tool to get around the brute force protection.

  • CoreyCorey Member

    I wouldn't use this simply because if a client gets locked out we have no issue with them opening a support ticket. They shouldn't be getting locked out though. This tool just creates a way for fraud people to try and brute things. Much like @Jarland said we can just white list clients that are bad at typing or remembering their passwords.

  • With UnBlockIP, you can configure it only allow a client to issue one or two unblock requests every 24 hours for example, then it would be really difficult for someone to use this for a brute force attack but still be useful for a client who accidentally locked themselves out.

    I know with our shared hosting this happens rather frequently. Now after we unblock the IP for the client, we give them instructions on how to check and remove the IP block if it happens again. If we don't have their IP information we can also just direct them to this feature in our portal since it will fill in their current ip address automatically.

  • CoreyCorey Member

    @jclarke how would you not have their ip information? I still think whitelisting is a better option. Less hastle and worry.

  • If they send an email to our helpdesk instead of submitting via our web interface Kayako doesn't always give us the IP address of the end user.

    I would think whitelisting would be greater security risk, since that user could now brute force attack the server if they wanted to.

  • CoreyCorey Member

    @jclarke yea but when they signup you have their IP right? :)

    As far as a user brute forcing once whitelisted - sounds ludacris... but even then you should be able to stop them before they get anything useful.

Sign In or Register to comment.