Blocked IP traffic to UK

Discussion in 'Security' started by grumpyted, Apr 18, 2018.

  1. grumpyted

    grumpyted Registered

    Joined:
    Apr 18, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Midhurst, UK
    cPanel Access Level:
    Root Administrator
    Hi Everyone, I have a problem with a blocked IP. I'm getting desperate..

    My Question: How do I get this resolved? Who do I contact?

    Thank you, in advance.


    I'm a small web design and hosting company in the UK, using a cloud server in the US. We have approx. 30 domains with email hosted.

    I have a problem I have not seen before. I have lodged a support ticket with the hosting company and they have helped me identify the cause but are tardy with a solution.

    Over the last weekend all our email and some sites stopped working. I found I couldn't access WHM or any cPanels.

    With help from server tech it was clear that all email and web traffic was accessible in the USA, but NOT IN THE UK.

    After much gnashing of teeth and hair rending, I worked out it was a specific IP ADDRESS that was being blocked somewhere. This IP is shared between my base domain and some hosted domains. It is all these domains that are not accessible in the UK. The base domain is the mail server for all the domains; hence email not being accessible for all our domains, even the ones that can be seen in the UK.

    I did a simple tracert from my PC on the suspect IP address and it reaches a certain hop, 6 hops in, and times out repeatedly after that.


    My Question: How do I get this resolved? Who do I contact?

    HELP!!!

    Microsoft Windows [Version 10.0.16299.371]
    (c) 2017 Microsoft Corporation. All rights reserved.

    C:\Windows\System32>tracert ***.***.***.***

    Tracing route to cloud.gtwd1.co.uk [***.***.***.***]
    over a maximum of 30 hops:

    1 2 ms 1 ms 1 ms BTBusinessHub.home [$$$.***.$$$.***]
    2 * * * Request timed out.
    3 9 ms 9 ms 9 ms 31.***.***.***
    4 10 ms 9 ms 9 ms 31.%%%.***.***
    5 10 ms 9 ms 10 ms core3-hu0-6-0-3.faraday.ukcore.bt.net [00.00.00.00]
    6 11 ms 12 ms 11 ms 62.6.***.***
    7 10 ms 10 ms 10 ms 215.***.***.*** (it stops here)
    8 * * * Request timed out.
    9 * * * Request timed out.
    10 * * * Request timed out.
    11 * * * Request timed out.
    12 * * * Request timed out.
    13 * * * Request timed out.
    14 * * * Request timed out.
    15 * * * Request timed out.
    16 * * * Request timed out.
    17 * * * Request timed out.
    18 * * * Request timed out.
    19 * * * Request timed out.
    20 * * * Request timed out.
    21 * * * Request timed out.
    22 * * * Request timed out.
    23 * * * Request timed out.
    24 * * * Request timed out.
    25 * * * Request timed out.
    26 * * * Request timed out.
    27 * * * Request timed out.
    28 * * * Request timed out.
    29 * * * Request timed out.
    30 * * * Request timed out.

    Trace complete.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,851
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    To get this resolved, you'll need to contact the network where it's being blocked. Because I can't see the IP address, I can't tell you who owns the network, but you can use tools like whois (cli) or Free online network tools - traceroute, nslookup, dig, whois lookup, ping - IPv6 to identify the network. For example, the only one I'm able to see, 2 hops before it stops, is a host that belongs to Network Solutions:


    Code:
    # dig a core3-hu0-6-0-3.faraday.ukcore.bt.net +short
    195.99.127.194
    Code:
    # whois 195.99.127.194
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf
    
    % Note: this output has been filtered.
    %       To receive output for a database update, use the "-B" flag.
    
    % Information related to '195.99.125.0 - 195.99.127.255'
    
    % Abuse contact for '195.99.125.0 - 195.99.127.255' is 'abuse@bt.com'
    
    inetnum:        195.99.125.0 - 195.99.127.255
    netname:        BT-UKIP-IPV4-INFRASTRUCTURE
    descr:          Core PoPs
    country:        GB
    admin-c:        BS1474-RIPE
    tech-c:         BS1474-RIPE
    status:         ASSIGNED PA
    remarks:        Please send abuse notification to abuse@bt.net
    remarks:        New netname
    remarks:        INFRA-AW
    mnt-by:         BTNET-MNT
    mnt-lower:      BTNET-MNT
    mnt-routes:     BTNET-MNT
    created:        2003-09-12T08:22:11Z
    last-modified:  2010-07-29T09:43:26Z
    source:         RIPE
    
    role:           BTnet Support
    address:        Adhara
    address:        Adastral Park
    address:        Martlesham Heath
    address:        Ipswich
    address:        SUFFLK   IP5 3RE
    address:        GB
    phone:          +44 800 0858963  5
    phone:          +44 1473 336231
    admin-c:        FLS15-RIPE
    tech-c:         BS1474-RIPE
    nic-hdl:        BS1474-RIPE
    remarks:        For all queries contact as2856peering@bt.com
    remarks:        Please send delisting issues to btnetdns@bt.net
    mnt-by:         BTNET-MNT
    created:        2002-04-30T07:54:10Z
    last-modified:  2009-11-19T15:52:52Z
    source:         RIPE # Filtered
    
    % Information related to '195.99.0.0/16AS2856'
    
    route:          195.99.0.0/16
    descr:          BT Public Internet Service
    origin:         AS2856
    mnt-by:         BTNET-INFRA-MNT
    created:        1970-01-01T00:00:00Z
    last-modified:  2014-07-30T08:56:59Z
    source:         RIPE # Filtered
    
    % This query was served by the RIPE Database Query Service version 1.91.1 (WAGYU)
    
    If this network belongs to your provider they are the only ones that can remove the block on the IP address.


    Thank you,
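
The lookup described in the reply above can be scripted. This is an added example, not part of the original post or cPanel's own tooling: it finds the last hop that answered in a tracert log and pulls the network name, origin AS and contact addresses out of RPSL-format whois output. The tracert sample is constructed with documentation addresses; the whois sample is an excerpt of the output quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed tracert excerpt (documentation addresses), shaped like the thread's.
TRACERT = """\
  1     2 ms     1 ms     1 ms  hub.example [192.0.2.1]
  2     *        *        *     Request timed out.
  3     9 ms     9 ms     9 ms  198.51.100.10
  4    10 ms     9 ms    10 ms  core.example.net [198.51.100.20]
  5    10 ms    10 ms    10 ms  203.0.113.7
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
"""

# Excerpt of the RIPE whois reply quoted in the thread.
WHOIS = """\
% Abuse contact for '195.99.125.0 - 195.99.127.255' is 'abuse@bt.com'
inetnum:        195.99.125.0 - 195.99.127.255
netname:        BT-UKIP-IPV4-INFRASTRUCTURE
remarks:        Please send abuse notification to abuse@bt.net
remarks:        For all queries contact as2856peering@bt.com
route:          195.99.0.0/16
origin:         AS2856
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")                      # hop number, rest of line
ADDR = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")   # trailing IPv4, bracketed or bare

def last_responding_hop(trace):
    """Return (hop_number, address) of the last hop that answered, or None.
    Traffic is dropped at or beyond this hop, so its operator is the first contact."""
    last = None
    for line in trace.splitlines():
        m = HOP.match(line)
        if not m or "Request timed out" in m.group(2):
            continue  # headers, blank lines and silent hops carry no address
        a = ADDR.search(m.group(2))
        if a:
            last = (int(m.group(1)), a.group(1))
    return last

def whois_summary(text):
    """Extract netname, origin AS and every e-mail contact from RPSL whois output."""
    fields = dict(re.findall(r"^(netname|origin):\s+(\S+)", text, re.M))
    emails = sorted(set(re.findall(r"[\w.+-]+@[\w.-]+\.\w+", text)))
    return {"netname": fields.get("netname"), "origin": fields.get("origin"),
            "contacts": emails}

if __name__ == "__main__":
    print(last_responding_hop(TRACERT))
    print(whois_summary(WHOIS))
```
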
     
  3. grumpyted

    grumpyted Registered

    Joined:
    Apr 18, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Midhurst, UK
    cPanel Access Level:
    Root Administrator
    Thank you so much for your helpful reply. It seems a DDoS attack was halted by closing a gateway and I've been caught up in that. They are trying to get it opened as I type.
    This has been a very hard week and it's only Wednesday.
    Thank you for your help.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,851
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    I'm sorry to hear that you and your clients were unable to reach your server/email because of that. I'm glad to hear that they're fixing it for you though!


    Thank you,
     