
Imunify360 403 Forbidden / CAPTCHA - your access has been blocked

The Imunify360 WAF on cPanel hosting greylisted your IP and now returns a 403 or a reCAPTCHA you must solve.

What you see

403 Forbidden
Your access to this site has been limited by the site owner
(or)
Please confirm that you are not a robot — reCAPTCHA
Imunify360

What’s actually happening

On a cPanel or shared-hosting site you suddenly get a 403 or a reCAPTCHA gate branded Imunify360. Solving the CAPTCHA may let you back in temporarily, or it may keep looping. Often it follows a few failed logins, an FTP/SMTP auth failure, or a request that matched a malware rule. The block is per-IP: the site loads fine from another network, and other visitors aren't affected. If your IP is on Imunify's RBL, you get a hard 403 with no CAPTCHA at all.

Common causes

  • Brute-force protection greylisted your IP after repeated failed logins (wp-login, cPanel, FTP, mail, SSH)
  • A request matched a ModSecurity/Imunify WAF rule — a malware signature, a suspicious query string, or a known-bad pattern
  • Your IP is listed in Imunify360's RBL (Realtime Blackhole List); RBL hits are dropped at the WAF even if you're whitelisted locally
  • Shared or VPN IP that another user got greylisted for, now applied to you
  • CDN/proxy in front of the server hiding the real visitor IP, so Imunify greylists the wrong address or everyone behind it

How to fix it

  1. If you're a visitor, solve the CAPTCHA once, then stop hammering the login
     Complete the reCAPTCHA if shown and don't retry a bad password — more failures re-greylist you. If it loops or there's no CAPTCHA (a flat 403), your IP is likely RBL-listed and you'll need the host to act. Note your public IP first.
  2. If you're the site owner, whitelist the IP from the Imunify panel
     In cPanel, open Imunify360, go to the Incidents or Firewall/Greylist tab, find the IP, and add it to the White List. CLI equivalent: imunify360-agent ip-list local add --purpose white 1.2.3.4. This clears a local greylist immediately.
  3. For RBL drops, whitelist AND understand the limit
     A local whitelist tells Imunify to ignore RBL for that IP on this server only — run imunify360-agent ip-list local add --purpose white <IP>, then check with imunify360-agent ip-list local list. It does not remove the IP from the global RBL, so the same IP can still be blocked on other servers until the global listing ages out.
  4. Fix the real-IP detection if everyone is getting greylisted
     When a CDN (Cloudflare, etc.) fronts the server, configure Imunify360 + Apache/LiteSpeed to read the real client IP (mod_remoteip / X-Forwarded-For) so it greylists the actual offender instead of the proxy or all visitors. See Imunify's CDN-support docs.
  5. Distinguish it from other host WAFs before troubleshooting
     Imunify360 blocks are branded and tied to cPanel. A Sucuri block says "Access Denied - Sucuri Website Firewall," Wordfence is a WordPress-plugin block page, and a bare ModSecurity 406/403 has no branding. The unblock path is different for each.
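
Why step 4 matters, as an added illustration (not Imunify360's code and not from the original page): the sketch below resolves the visitor address by walking X-Forwarded-For right to left through trusted proxies only, then counts failed logins per address with and without that resolution. The proxy range, the threshold of 3, the function names and the sample events are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed CDN edge range (TEST-NET-3), standing in for a real provider list.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def real_client_ip(peer_ip, xff):
    """Address to count failures against: walk X-Forwarded-For right to left."""
    if not is_trusted(peer_ip):
        return peer_ip  # header from an untrusted peer is client-controlled
    candidate = peer_ip
    for hop in reversed([h.strip() for h in (xff or "").split(",") if h.strip()]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last valid address
        candidate = hop
        if not is_trusted(hop):
            break  # first non-proxy hop is the visitor
    return candidate

def over_threshold(failed_logins, threshold, resolve):
    """IPs whose failed-login count reaches the (hypothetical) threshold."""
    counts = Counter(
        real_client_ip(peer, xff) if resolve else peer
        for peer, xff in failed_logins
    )
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed failed-login events as (TCP peer, X-Forwarded-For) pairs.
EVENTS = [
    ("203.0.113.10", "198.51.100.7"),              # offender via CDN
    ("203.0.113.10", "198.51.100.7"),
    ("203.0.113.11", "192.0.2.99, 198.51.100.7"),  # offender forging a first hop
    ("203.0.113.10", "198.51.100.20"),             # one typo by another visitor
    ("198.51.100.66", "203.0.113.10"),             # direct hit with a forged header
]

if __name__ == "__main__":
    print("peer only:", over_threshold(EVENTS, 3, resolve=False))
    print("real IP  :", over_threshold(EVENTS, 3, resolve=True))
```

Counting by TCP peer puts the CDN edge over the threshold, which is the "everyone is getting greylisted" symptom; counting by resolved address isolates the single offender and ignores headers sent by peers outside the trusted range.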

Stop it recurring

Site owners should pre-whitelist their office/VPN and monitoring IPs in Imunify360 so admins and uptime checks never get greylisted after a few failed logins.
