1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My site blocked my ip. Where do I look to fix?

Discussion in 'Security' started by Mister9, May 19, 2011.

  1. Mister9

    Mister9 New Member

    Joined:
    Apr 28, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I run my own dedicated server. One of my sites have blocked my IP from viewing the site, FTP, and cpanel. I have a couple laptop that are able to log in and view the site normally, however just my main pc has been blocked somehow. I checked in cpanel of the site's "IP Deny Manager" and no IPs were displayed there. I also have CSF installed on my server however I checked the blocked IP list and my IP is not listed. On top of that, I have my IP set up as a allowed IP. This is happneing on just one of a few websites on my server.

    Where else should I be looking to fix this problem? Seems like I checked everything...:confused:

    Any help would be much appreciated. Thanks!
     
  2. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    Do you have cPHulk Brute Force Protection enabled? It shouldn't only be denying access to one site and would the whole server, though, so that's a bit confusing if it were the cause. If you have WHM > cPHulk Brute Force Protection enabled, you can temporarily disable it to see if that works to see if that is the cause.

    Otherwise, do you have any other scripts that you've installed onto the machine? You could still check your IP if it might be listed in the firewall directly:

    Code:
    /sbin/iptables -n -L | grep IP#
    Where IP# is the IP number for the machine that is blocked. Also, just to make sure, please do check your IP at What's My IP Address? Networking Tools & More in case you believe that computer is coming from an IP that might not be the actual IP. This way you can ensure you are checking for the right IP.
     
  3. Mister9

    Mister9 New Member

    Joined:
    Apr 28, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Hello cPanelTristan,
    I just tried your advice above by typing in the command above and this has resolved my issue. THANK YOU SO MUCH!
     
  4. Mister9

    Mister9 New Member

    Joined:
    Apr 28, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I tried your command above and this fixed my issue! Thank you so much!

    Just wondering how in future I will be able to view all the IPs being blocked, since I was not able to view this in whm or cpanel?
     
  5. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    If the IP was blocked in iptables, then cPanel didn't block the IP. It had to have been CSF or LFD that blocked it. As such, I cannot recommend how to view it in cPanel or WHM when we didn't perform the block.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    12,125
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    Pennsylvania
    The command Tristan provided did not fix your issue I don't think, it should have shown you if your IP was listed or not. When you found it listed (assuming you did), what did you do next?
     
  7. Mister9

    Mister9 New Member

    Joined:
    Apr 28, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I'm so embarrassed! It didn't fix my issue. I was able to access the site again for a while and now I am blocked again. It's so odd. I am able to FTP and view all my sites on my server except this one site. Whenever I try to FTP, it says, FTP Socket Error: 11004. I am still looking for an answer. Thanks for your help thought guys... I will continue to try to figure it out.
     
  8. nobodyk

    nobodyk Member

    Joined:
    Aug 1, 2010
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    disable CSF for a while and see if that was the issue. If it was, post your log msg here.
     
  9. SoftDux

    SoftDux Member

    Joined:
    May 27, 2006
    Messages:
    986
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    Your server can't just block access to one single domain, on your PC only. It would either block access to everything, or nothing. It sounds to me like the firewall, or maybe even a spam filter on your own PC is causing this.
     
  10. tank

    tank Member

    Joined:
    Apr 12, 2011
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Chicago, IL
    IF it is a temporary block that sounds as if firewall of CSF giving you a temporary block. Do you have any malware and or too many login attempts on your network to your server. Also make sure to whitelist your IP address every place possible.
     
  11. Hitro

    Hitro New Member

    Joined:
    Apr 23, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I dont have WHM.... How can i get cphulk disabled...I get Brute force error now and then... I have hostgator account...Please help me
     
  12. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    If you are periodically being blocked and only have cPanel access, then only your hosting provider can help you with the issue you are having. Please contact them about what is happening. Thanks!
     
  13. NetMantis

    NetMantis BANNED

    Joined:
    Apr 22, 2012
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Utah
    My field is security and I've never been a huge fan of cpHulk as it is inaccurate and too easy to misuse as an attack tool against the server owner. I usually recommend to people that they disable it and supplement their security with other tools.

    If you are on a shared hosting account, you are in a bit of a bind and really at the mercy of your hosting provider and also stuck with however they have setup security on the server which unfortunately might of been setup by some low paid administrator who doesn't really know any better probably thinking they are doing good protecting their client servers.

    If your host won't or can't help with that, I would probably consider looking at moving to another hosting provider or perhaps even changing to a different type of hosting where you have more control such as a VPS, Dedicated, or Cloud VPS.

    **EDIT** PS: I see a lot of people throughout this thread talking about various checks to see if you are blocked or "disabling CSF temporarily". In case anyone doesn't know, CSF actually has a built in security grep command to check the status of an IP address or CIDR range. All you have to do is use the "-g" option with CSF at the shell command line.

    Example:
    Code:
     #  csf -g 127.0.0.1 
    (you would of course replace 127.0.0.1 with your IP or CIDR range)
     
    #13 NetMantis, Apr 26, 2012
    Last edited: Apr 26, 2012

Share This Page