Server Goes Down Because CSF Firewall Blocks Everything
Mar 27, 2008
This weird issue has popped up only this weekend: csf blocks all IPs, and even SSH, email and all services are not accessible. The server is working, but the firewall puts a block on everyone and it appears offline to others. Any ideas why csf and iptables are not responding and acting this way? I asked jonesolutions.com last time it happened and got no reason/response as to what could be the culprit.
Could it be the kernel update/upgrade that was done to optimize load which broke csf and its working?
This is the 2nd incident over the last 2 days, and I had thought my management had fixed it. Upset here over the unwanted downtimes for no reason!
Here is the output for this command after I restart csf again, and that's like the average I get over the entire day, too.
firewall for my new server. I will be running cPanel 11 on it... so I was looking into configserver.com. Are they good? Is there any other firewall software you can recommend besides configserver?
I just uninstalled apf and installed the csf firewall on 4 servers.
There is a problem after that. 2 of the servers actually went OFFLINE at 12 midnight sharp last night. This is the second time (second day) it has happened. I went into the datacenter and
#ping yahoo.com *Host not found*
#service csf stop
#ping yahoo.com *Responding*
So how is this related to eth0 making my server go offline by itself? Was it an iptables problem or a csf problem? Or a kernel problem?
APF (on my server) often blocks me and some other browsers, but I don't want it to do this. Let me give the last log below:
Code:
May 26 09:38:01 linux apf(9884): (insert) deny all to/from 85.101.x.x (my ip)
After 20 minutes it automatically deletes the block:
May 26 09:58:02 linux apf(11064): {delete} deny all to/from 85.101.x.x
I have a CentOS 5 VPS running 2.6.9-023stab044.11-entnosplit with the Plesk 8.3 panel.
Last night, when I was talking with the support center, I pasted my root password.
After 10-15 minutes some attacker had changed my page (index.html).
The server is new. I just took the VPS server 3 days ago, so there is no way to upload or run any PHP script (worm) on my server, because I didn't install anything there other than (.html) pages.
So I stopped my VPS until today, and now I have changed my password and run the command to find any PHP files in my Vhosts folder, which contains my sites directory...
I didn't find anything there and everything looks like the default.
Now the question is: is there any way for the attacker to hack NixCore V1.5.0 Support Center...?
And is there any way to check my server for newly uploaded files? Whatever they are: .php, .pl, .rar, .gif, etc...
And what command shows which user group has root permission?
Does anyone know how to modify the file /etc/network/interfaces (using Debian Linux) in order to have 2 different 8-IP blocks on one server? I guess one needs 2 gateways somehow, but I am not really sure how to set it up. So I did try it that way, which didn't work: ....
I rented out a server from Leaseweb for 6 months (prepaying) before doing any real research.. the price was great but the support apparently sucks. Now that I have found this out, and my server hasn't been set up yet, I want a full refund. I've contacted them via email, but have yet to receive a response; who should I contact or what should I do?
With increased traffic lately I'm trying to plan my next move so I was hoping for some kind recommendation from you guys.
My current setup is 1 VPS from KnownHost (managed) where I have my WordPress sites and 1 VDS at FDC (unmanaged) for static content like images and zip files, but I would like to have everything in one place because it would work out cheaper.
So the question is: would I be risking too much if I moved my whole site to an unmanaged dedicated server without having any experience other than very basic stuff like installing apf/ddos deflate?
Right now it seems like there isn't anything to it except upgrading the OS or MySQL and things like that in the future...
to put together a file server. This server will only accept SFTP connections and send/receive data. Also, planning to use RAID 10 with a hardware controller. Just looking to get a feel for the CPU and RAM. While the server load will not be much, scalability is a factor when considering hardware.
I am looking for a dedicated server for my flash games site. I am currently using 1and1.com for a Titan with 16gb RAM and 6gb monthly transfer (bandwidth), but that is not enough. I ended up paying almost $2k last month. So what I need is at least 15-20gb monthly bandwidth transfer and about 8gb RAM....
This came as a surprise today, I setup a server-based RSS reader and could not get WHT's forum RSS feeds. A little digging revealed it was the default APF installation that was blocking the 174.0.0.0/8 range, which includes WHT and a chunk of Softlayer's ip range.
The quick fix is easy: just remove that range from the /etc/apf/internals/reserved.networks file and restart. That is in the latest apf version; I don't know how many apf versions back this block goes.
The APF folks do a fantastic job in keeping APF up to date, but this seems to be a recent update to this particular IP range that hasn't made it into APF yet.
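As an added diagnostic (my example, not code from the post or from APF), a small Python script that parses a reserved.networks-style list and reports which entries cover a given address, plus a helper that drops one entry the way the post describes; the sample list and the test address inside 174.0.0.0/8 are constructed, not APF's real file or WHT's real address.

```python
import ipaddress

# Constructed sample in the one-CIDR-per-line style of apf's
# internals/reserved.networks (comments start with '#'); not the real file.
SAMPLE_RESERVED = """\
# reserved / bogon networks (constructed sample)
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
174.0.0.0/8
192.168.0.0/16
224.0.0.0/4
"""

def parse_networks(text):
    """Return the networks listed in a reserved.networks-style text,
    skipping blank lines, comments and unparseable entries."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # malformed entry: skip it rather than abort the scan
    return nets

def blocking_entries(ip, text):
    """List the entries (in CIDR form) that cover `ip`."""
    addr = ipaddress.ip_address(ip)
    return [str(n) for n in parse_networks(text) if addr in n]

def remove_network(text, cidr):
    """Return the text with the entry equal to `cidr` dropped (the fix the
    post describes); every other line, comments included, is kept verbatim."""
    target = ipaddress.ip_network(cidr, strict=False)
    keep = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        try:
            if entry and ipaddress.ip_network(entry, strict=False) == target:
                continue
        except ValueError:
            pass
        keep.append(raw)
    return "\n".join(keep) + "\n"

if __name__ == "__main__":
    # Constructed test address inside 174.0.0.0/8.
    print(blocking_entries("174.36.10.20", SAMPLE_RESERVED))
```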
Does any one else use the free hosting byethost and have problems with them blocking user agents like googlebots and phpld site verification agents?
Otherwise their hosting is good but a huge drawback is that Google is blocked from accessing my site and I cannot get back links in many phpld directories because they cannot verify my site as their user agent is banned by the host.
If you upgrade to a paid account are these restrictions removed?
We want to build a file server in our office - either Windows or Linux (doesn't make a difference to us).
We have a lot of satellite offices, and want to have certain computers have access to specific files/folders on the fileserver.
The catch is this... we would like some of our satellite computers to "sync" with the files/folders on the fileserver.
For example, a developer who is constantly working with a particular client, will always want his/her files to sync up with what is on the server.
The developer will want to work with a local copy of the files, and once finished, will upload them to the file server.
A few days go by, and there is a possibility the fileserver has additional information for that client. The developer would then want to download the changed files from the fileserver.
The benefit of working with local files, is that it is quicker to make changes. We can always leave the desktop on overnight to sync between the fileserver and the desktop.
Any suggestions what to look into here?
All of our desktops are on Windows, so we would need a windows application that has this functionality.
Rsync seems to be the closest thing I've found so far.
I recently got a dedi from Hivelocity, and they installed CSF/LFD. On my previous hosts, I didn't have this, just cPHulk. With this dedi, I'm receiving nearly a dozen daily emails from LFD with IPs that have been blocked for multiple failed logins, mostly with username root, but also sales, staff, admin, system, etc., and a few for port scanning.
Is this normal? I've already disabled direct root login via SSH, and I'm not really worried about anyone actually managing to gain access, I'm just curious about the high number of attempts. On previous hosts, where I actually had active sites and forums, with links posted on other forums that are indexed and nicely ranked by Google, I rarely received any emails from cPBrute at all.
One of my friends has a web server that runs Jetty, and he's having issues with users on Safari getting blocked by Jetty during the login process. The result after attempting to log in is a 404 error that just says machine blocked and URI=
and then below, powered Jetty://.
This only happens with Safari.. I was wondering if anyone had any ideas on what could be causing this, or is familiar with Jetty?
This is an issue I've been having for a few months now and haven't been able to resolve yet with my data center, AOL support and the company who manages the server for me. My main reason for posting this is for a fresh set of eyes and to see if anyone else has had a similar problem in the past (and how they fixed it)
The issue is this:
I set up a dedicated server to host my web design clients a few months back and no one has been able to send to or receive mail from AOL addresses. I've gone through everything at the postmaster.aol.com site and have ensured that reverse DNS records are in place for all IPs associated with the server, as rDNS is a mandatory requirement for AOL.
Once my support request was finally elevated to a real AOL support tech, they confirmed that my IP was not being blocked by their servers and are still under the impression that the problem must be on my end somewhere. Because this problem only occurs with AOL (we can send/receive with all other big providers - yahoo, hotmail, gmail, hush, etc), my server management team are fairly certain it must be an issue on AOL's side.
When sending mail from an AOL address, it bounces back with an error like so (real emails replaced with example addresses):
451 <email@exampledomain.com>... exampledomain.com: Name server timeout Message could not be delivered for 2 hours Message will be deleted from queue
When sending mail from my server, it bounces back with an error like so:
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
exampleaddress@aol.com retry timeout exceeded
When attempting to manually deliver a message to AOL from the Mail Queue in WHM, I get an error like so:
Message xxx-example-number is not frozen
delivering xxx-example-number
Connecting to emr-d01.mx.aol.com [205.188.159.2]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN emr-d01.mx.aol.com [205.188.159.2] Connection timed out
Connecting to emr-m01.mx.aol.com [64.12.136.169]:25 ... failed: Connection timed out (timeout=5m)
LOG: MAIN emr-m01.mx.aol.com [64.12.136.169] Connection timed out
LOG: MAIN == example@postmaster.aol.com R=lookuphost T=remote_smtp defer (110): Connection timed out
When attempting a manual telnet test from my server to AOL's mail server at , it also times out with the following:
telnet: Unable to connect to remote host: Connection timed out
The AOL support tech explained that if my server IP were being blocked, it would return messages with a block error code instead of timing out. They suggested my firewall was blocking AOL's server....but both my data center and server management company said that isn't the case.
Because I can't duplicate this problem with anyone but AOL accounts, I don't know what else to troubleshoot or look for. I know AOL is notorious for blocking IPs and most email related problems are usually for lack of rDNS, but neither of those issues are the problem in this situation...so I don't know what else to try. My server management company (PSM) and AOL (once they finally elevated me to a real tech support person), have been very patient and helpful....but we still haven't been able to identify the problem and I feel incompetent for not being able to contribute on my own. I've researched for weeks and certainly understand more than I did, but still far less than they do.
AOL did direct me to a Windows Server troubleshooter relating to UDP packet size limitations with some firewalls that could cause MX query timeouts with AOL, Earthlink and Quest...but because I'm on an Apache server...I didn't know if that could be related at all to my issues (not to mention that I didn't even know what any of that meant until I went and looked up what a UDP packet actually was. I'm still not entirely sure I understand it). Even so, I did send the information to Platinum Server Management a short while ago, but haven't heard back yet.
Anyways.... in the meantime, I thought I'd check here in case anyone else had the same issue or saw something obvious we might not be considering.
My server details are as follows. I included my data center and management company details to illustrate that people far more qualified and intelligent than myself have performed the most common and obvious troubleshooters so far:
Pentium IV 2.8GHz / 1GB DDRAM / 120GB EIDE HDD
OS: CentOS 4.3, cPanel/WHM
Main Server IP: 66.79.163.138
Example Domain on the server: vedadesigns.net
Data Center: Dediwebhost.com (awesome service & fast support)
Initial Server Setup & Management: Platinum Server Management (I just can't say enough good things about these people)
I have had my web server hacked several times and I am beating my head against the wall trying to find the problem(s).
Way back when, my sites were defaced, and CHMODing my *.html files to 744 seemed to have done the trick.
Now someone has put up a phishing site somehow, which by the way I'm still not able to remove. I can't help but think that I may have more CHMODing to do. I have recursively set my site to 755; should this do the trick? I know I need to chmod .htaccess and similar files to 644, but what about... images? CGI/PHP? css, etc.?
What other steps can I take to secure this thing?
It's a shared host, limited access, but I do have SHELL.
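An added Python audit (my example, not code from the post or the host) that walks a web root and reports entries whose mode departs from a conventional policy: directories 755, CGI/Perl scripts 755, everything else (.html, .php, .css, images, .htaccess) 644; any group- or world-writable entry is flagged whatever its extension. The policy and the sample tree are assumptions.

```python
import os
import stat
import tempfile

# Assumed policy for a shared-host web root (my assumption, not the post's):
# directories and CGI/Perl scripts carry the execute bit, plain content does not.
SCRIPT_EXTS = {".cgi", ".pl"}
DIR_MODE, SCRIPT_MODE, FILE_MODE = 0o755, 0o755, 0o644

def expected_mode(path, is_dir):
    if is_dir:
        return DIR_MODE
    return SCRIPT_MODE if os.path.splitext(path)[1].lower() in SCRIPT_EXTS else FILE_MODE

def audit_permissions(root):
    """Return [(relative_path, actual_mode, expected_mode, reason)] for every
    entry under root that deviates; group/world-writable entries come first,
    since those are what let another account drop or alter files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a link's own mode is meaningless; its target is audited where it lives
            mode = stat.S_IMODE(os.stat(full).st_mode)
            want = expected_mode(full, is_dir)
            rel = os.path.relpath(full, root)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, mode, want, "group/world writable"))
            elif mode != want:
                findings.append((rel, mode, want, "unexpected mode"))
    return sorted(findings, key=lambda f: (f[3] != "group/world writable", f[0]))

def make_sample_root():
    """Build a constructed web root in a temp dir with two deliberate mistakes."""
    root = tempfile.mkdtemp()
    layout = {  # relative path -> mode; parents are listed before children
        "cgi-bin": 0o755, "cgi-bin/form.cgi": 0o755, "images": 0o755,
        "images/logo.gif": 0o666, "css": 0o755, "css/style.css": 0o744,
        "index.html": 0o644, ".htaccess": 0o644,
    }
    for rel, mode in layout.items():
        full = os.path.join(root, rel)
        if "." not in os.path.basename(rel):
            os.mkdir(full)          # names without a dot are directories here
        else:
            open(full, "w").close()
        os.chmod(full, mode)
    return root
```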
In fact I am a direct customer of PC-CORE.net. They sent me an email to let me translate my website a few days ago, but I was travelling then. I received it last night. But it is too late, as I cannot enter my website now. It is likely the server has been shut down. My IP was 64.191.125.149. The guy who rents me the space said he is powerless with it.
I did not get any backups of my site. They were gone when I formatted my hard drive last time. But the website's data is very important to me.
Is anyone related to this? What can I do to save my site? What is going on with PC-CORE.net?
We use CentOS Linux 7.0.1406 (Core) with Plesk Version 12.0.18 Update #26. I got reports from several users on my system, and I can confirm this myself, that fail2ban is blocking Courier IMAP and Postfix connections when I try to connect to the Plesk server with Outlook 2013, theBat and the Apple Mac Mail client.
I used the correct login information but fail2ban blocked the IPs for no obvious reason:
Code:
2014-12-03 12:46:57,908 fail2ban.actions[920]: WARNING [plesk-postfix] Ban 82.134.94.102
2014-12-03 12:46:58,049 fail2ban.actions[920]: WARNING [plesk-courierimap] Ban 82.134.94.102
I disabled the two jails now and it works perfectly. But why is fail2ban blocking valid requests? I tried it myself and I did not enter a wrong password or anything. MaxRetry is 5, so this should not be a problem. The problem is not affecting all users, just a few. However, all of them are using correct credentials, so I don't understand why they are being blocked at all.
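To see what the jails are actually doing before disabling them, an added Python script (my example, not from the post, Plesk or fail2ban) that parses fail2ban's Ban/Unban log lines and flags addresses banned by two or more jails within a short window, which is the pattern the two lines above show; the sample log is the post's two lines plus constructed ones.

```python
import re
from collections import defaultdict
from datetime import datetime

# The two lines from the post plus constructed ones for contrast.
SAMPLE_LOG = """\
2014-12-03 12:46:57,908 fail2ban.actions[920]: WARNING [plesk-postfix] Ban 82.134.94.102
2014-12-03 12:46:58,049 fail2ban.actions[920]: WARNING [plesk-courierimap] Ban 82.134.94.102
2014-12-03 12:50:12,001 fail2ban.actions[920]: WARNING [ssh] Ban 203.0.113.7
2014-12-03 13:05:44,120 fail2ban.actions[920]: WARNING [plesk-postfix] Unban 82.134.94.102
2014-12-03 15:20:00,500 fail2ban.actions[920]: WARNING [plesk-courierimap] Ban 203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ fail2ban\.actions\[\d+\]: "
    r"\w+ \[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)

def parse_actions(text):
    """Return (timestamp, jail, action, ip) tuples for Ban/Unban lines;
    other fail2ban lines are ignored."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            out.append((ts, m["jail"], m["action"], m["ip"]))
    return out

def multi_jail_bans(actions, window_seconds=60):
    """Map ip -> sorted jails for addresses banned by two or more jails
    within `window_seconds` of each other. A client caught by one jail and
    moments later by another is worth checking against the filter's
    failregex before assuming the credentials were wrong."""
    bans = defaultdict(list)
    for ts, jail, action, ip in actions:
        if action == "Ban":
            bans[ip].append((ts, jail))
    hits = {}
    for ip, events in bans.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            close = {j for t, j in events[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(close) >= 2:
                hits[ip] = sorted(close)
                break
    return hits
```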