The Community Forums


ConfigServer Security & Firewall

Discussion in 'cPanel Developers' started by pkirman, Jul 19, 2007.

  1. pkirman

    pkirman Registered

    Hi, just wanting to know if anyone has any ideas, as from what I can find, loads of people have this problem.

    Basically I have installed ConfigServer Security & Firewall on CentOS/cPanel. It's a new install and there is no website or anything on it, but I now can't use PuTTY to get onto the server.

    Even if I stop the firewall it doesn't work.

    Help

    Thanks

    Paul
     
    #1 pkirman, Jul 19, 2007
    Last edited: Jul 19, 2007
  2. verdon

    verdon Well-Known Member

    This doesn't sound like it has anything to do with CSF. What makes you think it does, or that loads of CSF users have this problem?
     
  3. pkirman

    pkirman Registered

    Firewall

    Well, it was working before I installed the software, so I think it is.

    I can try taking it off and trying again.

    The reason I say that is, if you look for the problem on Google there are loads of forums etc. where people have the same problem as I do, but no one had an answer on how to fix it.

    If I can help by sending any more info, people, let me know.

    Thanks

    Paul
     
  4. verdon

    verdon Well-Known Member

    Is it possible you are using a non-standard port for ssh and haven't set it in CSF's conf?

    BTW... CSF has its own forums and you may get more knowledgeable help there.
     
  5. DReade83

    DReade83 Well-Known Member

    I've done a full CentOS 5, cPanel 11 and CSF 2.85 install this evening, using a non-standard SSH port.

    Have you tried restarting the SSH service?
     
  6. mctDarren

    mctDarren Well-Known Member

    CSF is just a front end for iptables. If you use a non-standard port for SSH, this might be why iptables would be blocking you. For example: you have SSH set up for port 4000 and you add that port to the CSF conf file. When you start CSF it adds a rule to iptables that opens port 4000. But if it's not in the conf file, CSF closes port 4000 (and any port not in the conf file, for that matter) in iptables.

    Now here's the bad part. If you change the SSH port, but never add that port to the CSF conf file, CSF will still tell iptables to block that port. Essentially locking you out of the server via SSH, since SSH is now listening on port 4000, but iptables is blocking it!

    If this is what happened, you can ask the DC to change SSH back to port 22 or you can use WHM to change the setup for CSF to allow that port and restart CSF (essentially resetting all the iptables rules) and that will work too.

    GL!

    (PS - this post can also be read as "what verdon said....")
     
    #6 mctDarren, Jul 19, 2007
    Last edited: Jul 19, 2007
  7. enet

    enet Member

    I did the same thing after everything was installed. I use ZOC and blocked my IP. I just had to go into ConfigServer Security & Firewall settings (Firewall Allow IPs) and set my IP from my desktop to be allowed. After that, no trouble accessing the server :D
     
  8. chirpy

    chirpy Well-Known Member

    I've not had a single report of any such issue, especially since CSF checks /etc/ssh/sshd_config for the port that you have set for SSHD and defaults to 22 if not set. To investigate further you would need to check your /var/log/messages for kernel messages regarding the block (or /var/log/lfd.log if you've got yourself blocked).
     
  9. chirpy

    chirpy Well-Known Member

    That's what the TESTING mode is for when you first install csf. It creates a cron job that flushes iptables after up to 5 minutes so that you can get back into your server. You then disable that setting to keep running.
     
  10. Frimon86

    Frimon86 BANNED

    Ohhhhhhhhhhh I see! :eek: Thanks for the info, sir. So when an IP is banned, are they not able to view any sites you host or just not able to log in?
     
  11. verdon

    verdon Well-Known Member

    No access to the server at all, no sites, no mail, no login, nothing.
     
  12. Nhojohl

    Nhojohl Well-Known Member

    They won't be able to view any web site on your server, or even ping it...
     
  13. meeven

    meeven Well-Known Member

    As pointed out by others, CSF auto-configures SSH on a non-standard port during install.

    It's more likely the OP locked himself out through repeated login failures. The only way then is to ask the hosting company to unblock the IP from csf.deny (I think). If it is a client that has been locked out, it is easy to unblock their IP by logging into WHM and removing their IP from the Firewall Deny IPs file in the CSF Firewall configuration screen at WHM>>Addons.
     
  14. verdon

    verdon Well-Known Member

    I've been using it so long I forgot that. Some of the very earliest beta versions didn't. It might also be possible that the OP removed their port from the config, not realizing what and why it was there. It would be nice to hear if there was a resolution for the OP.
     
  15. php-empire

    php-empire Registered

    Install on FreeBSD 6.2?

    I love ConfigServer, but it does not install on FreeBSD. Please help me :)
     
  16. wefrank

    wefrank Member

    Please visit http://forum.configserver.com/index.php
    That forum is the Config Server forum, and your issue should be discussed there, rather than in the cPanel forum.
    Hope this helps
     
  17. brianoz

    brianoz Well-Known Member

    Actually, if that was the cause, the easiest fix is to get yourself a new IP (by using someone else's internet connection etc.) and then remove the blocked IP from CSF either through ssh or via the WHM interface. No need to ask your DC for help for something as simple as this.

    In some countries if you have a dynamic IP it's enough to reset your ADSL connection (by rebooting your modem) which will then allocate you a new IP. This usually doesn't work for cable connections.
     
  18. chirpy

    chirpy Well-Known Member

    csf is an iptables configuration script. FreeBSD doesn't use iptables, it uses a different application, so csf won't ever work with it.
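
Added example, not part of the thread and not csf's own code: a pre-flight check in Python for the lockout causes raised in posts 6, 8, 9 and 13 (SSH port not opened in the csf configuration, client IP listed in csf.deny, TESTING mode off). `TCP_IN` and `TESTING` are csf.conf setting names; the file contents and IP addresses are constructed samples, and only plain IP/CIDR deny entries are handled.

```python
import ipaddress
import re

# Constructed sample file contents (documentation-range IPs, not from the thread).
SSHD_CONFIG = "# Port 22\nPort 4000\nPermitRootLogin yes\n"
CSF_CONF = 'TESTING = "0"\nTCP_IN = "20,21,22,25,53,80,110,143,443,2082:2087"\n'
CSF_DENY = "203.0.113.7 # lfd: (sshd) Failed SSH login\n198.51.100.0/24 # manual block\n"

def sshd_ports(text):
    """Ports from uncommented 'Port' lines; sshd listens on 22 when none is set."""
    ports = [int(p) for p in re.findall(r"^[ \t]*Port[ \t]+(\d+)", text, re.M | re.I)]
    return ports or [22]

def csf_setting(text, key):
    """Value of a KEY = "value" line in csf.conf, or '' when the key is absent."""
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*"([^"]*)"', text, re.M)
    return m.group(1) if m else ""

def port_allowed(port, tcp_in):
    """True if port equals a single entry or falls inside a low:high range."""
    for item in filter(None, (p.strip() for p in tcp_in.split(","))):
        low, _, high = item.partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False

def deny_matches(client_ip, deny_text):
    """csf.deny lines whose plain IP or CIDR entry covers client_ip."""
    ip, hits = ipaddress.ip_address(client_ip), []
    for line in deny_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        try:
            if entry and ip in ipaddress.ip_network(entry, strict=False):
                hits.append(line)
        except ValueError:
            pass  # advanced filter syntax is outside the scope of this example
    return hits

def lockout_risks(client_ip, sshd=SSHD_CONFIG, conf=CSF_CONF, deny=CSF_DENY):
    """Reasons this client could lose SSH access once csf is (re)started."""
    tcp_in = csf_setting(conf, "TCP_IN")
    risks = [f"SSH port {p} is not in TCP_IN" for p in sshd_ports(sshd)
             if not port_allowed(p, tcp_in)]
    risks += [f"csf.deny blocks client: {e}" for e in deny_matches(client_ip, deny)]
    if risks and csf_setting(conf, "TESTING") != "1":
        risks.append("TESTING is off: no cron job will flush iptables")
    return risks

if __name__ == "__main__":
    print("\n".join(lockout_risks("198.51.100.23")) or "no lockout risk found")
```

On a server, pass the contents of /etc/ssh/sshd_config, csf.conf and csf.deny to `lockout_risks` before restarting csf from a session you cannot afford to lose.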
     