If you suddenly can’t access your website, cPanel, or email
on VMA’s server—but everything works fine on mobile data or another
network—your IP address has most likely been blocked by our firewall (CSF).
This isn’t personal and it doesn’t mean your computer is
“banned forever”. It usually means something from your connection has triggered
an automatic security rule designed to protect all customers on the
server.
What does “blacklisted” actually mean?
On our servers we use ConfigServer Security &
Firewall (CSF). CSF monitors traffic and, together with its Login Failure
Daemon (LFD) and DNS-based blocklist checks, can:
When your IP is blocked:
You
may not be able to load your website hosted with us
Webmail,
cPanel and FTP may time out
Email
clients (Outlook, Apple Mail, etc.) may fail to connect
Common reasons your IP gets blocked
1. Too many failed login attempts
The number one reason for IP blocks is repeated
failed logins in a short period from the same IP, such as:
Wrong
email password stored in Outlook/Apple Mail/phone
Old/incorrect
cPanel or FTP password saved in a program
A
device repeatedly trying to connect with outdated credentials
Multiple
people on the same office network all guessing passwords
To protect accounts from brute-force attacks, CSF/LFD will
automatically block IPs after a set number of failures.
Tip: One incorrect password on one device can
cause all devices on that network to be blocked.
2. Dynamic IP addresses from your ISP
Many internet connections use a dynamic IP, which
means your IP changes regularly.
Two issues can occur:
You
are allocated an IP that someone else previously abused, and that
IP is already on a DNSBL or blocked in our firewall.
Your
IP keeps changing and triggering new checks or rate limits.
So even if you haven’t done anything wrong, you might
inherit a “bad” IP for a while.
3. IP address listed on a DNSBL (email / spam blacklists)
If your IP appears on a DNSBL (DNS-based blacklist),
our firewall or mail server may treat it as suspicious. Reasons your current IP
might be on a DNSBL include:
Previous
users of that IP sent spam
Malware
or infected devices on your network sending suspicious traffic
Compromised
email accounts sending bulk or unsolicited mail
If our server sees a connection from a known “bad” IP, it
may block or heavily restrict it.
4. Suspicious traffic patterns or port scanning
Our firewall also monitors for behaviour that looks like:
Port
scanning (probing many ports/services from the same IP)
Excessive
connection attempts to multiple services (e.g. FTP, SMTP, IMAP, HTTP)
Automated
tools or scripts hammering the server
Even some “legitimate” tools (e.g. aggressive uptime
monitors, misconfigured plugins, security scanners) can look like an attack and
cause an automatic block.
5. Website security rules (mod_security) being repeatedly
triggered
If your website or plugins send requests that look similar
to:
…they can trigger mod_security or other web
application firewall rules.
Repeated triggers from the same IP may eventually cause a firewall block.
This can sometimes happen with poorly coded plugins, themes,
or custom scripts.
6. VPNs, proxies and shared office networks
You may share an IP with many other users if you’re:
If someone else on that IP triggers our firewall, everyone
on that IP can be blocked—even if you personally haven’t done anything
wrong.
How to tell if your IP is blocked
Typical signs include:
Website
hosted with us doesn’t load, but other sites do
Email
clients time out or show connection errors for your VMA-hosted email
cPanel,
webmail or FTP time out or “refuse” the connection
It
works fine using mobile data (4G/5G) but not on your home/office
Wi-Fi
If you suspect a block:
Visit
a site like whatismyip.com to get your current public IP address.
Contact
VMA support and provide that IP so we can check and, if appropriate,
unblock it.
How to prevent your IP being blocked in future
Here are best-practice steps you (and your team) can follow
to minimise the chances of being blocked again.
1. Avoid repeated failed logins
Double-check
user names, passwords and server settings before connecting
Update
all devices when you change a password (desktop, laptop, phone, tablet)
Remove
old accounts from email clients that are no longer in use
Don’t
“guess” passwords—use a password manager
2. Use strong, unique passwords and enable any available
security features
Use
strong, unique passwords for cPanel, email, FTP and CMS logins
Never
reuse passwords from other sites
If
available, enable 2FA (two-factor authentication) on key logins
This reduces the chance of brute-force or
credential-stuffing attacks that can cause repeated failed logins and firewall
triggers.
3. Keep your devices and website secure
Run
up-to-date antivirus/anti-malware on all computers
Keep
your operating system, browsers and apps patched
For
websites (e.g. WordPress), keep core, themes and plugins up to date
Remove
unused plugins/themes and use reputable ones only
Compromised devices or sites can make suspicious requests
and push your IP onto blocklists.
4. Be careful with email sending behaviour
Do not
use purchased or scraped mailing lists
Only
send to people who have opted in
Honour
unsubscribes promptly
Avoid
sending large bursts of mail from desktop clients through the server
Consider
using a dedicated email marketing platform for bulk sending
This helps avoid your IP getting listed on external DNSBLs
for spam.
5. Consider a static IP for business-critical access
If you’re regularly blocked and your ISP uses dynamic IPs,
consider:
A stable, known IP is easier to manage and monitor from a
security perspective.
6. Use VPNs and scanning tools carefully
If
you use VPNs, be aware that some VPN exit IPs may already be on blocklists
Avoid
running aggressive scanning or penetration-testing tools against your own
site unless absolutely necessary—and coordinate with support first
What VMA does to help
On our side, VMA:
Runs
ConfigServer Security & Firewall (CSF) to protect all clients
from attacks
Monitors
failed logins, suspicious traffic and known bad IPs
Can
review and adjust firewall rules where appropriate
Can
check and remove your IP from the block list once the cause is resolved
If you’re blocked often, we can also help review:
Your
email client settings and behaviour
Your
website security setup (CMS, plugins, themes)
Any
patterns we see in the firewall logs
What to do if you’re currently blocked
Find
your IP: Go to whatismyip.com from the affected connection.
Check
your settings: Make sure email, FTP and cPanel passwords are correct
and that nothing is “stuck” trying to reconnect.
Your
IP address (use the IPV4 preferably)
Approximate
time the issue started
What
you were doing at the time (e.g. changing email passwords, logging into
cPanel, etc.)
We’ll review the logs, unblock your IP if safe to do so, and
provide advice to help prevent it happening again.