The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSF : Getting blocked in first attempt !

Discussion in 'Security' started by LinuxTechie, Apr 11, 2011.

  1. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hey Buddies,

    In one of my server, csf is blocking my IP in the first attempt itself. It is getting blocked temporarily ! I am using the version 5.19 of csf. Is there any solution for this issue?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might try connecting to the server via SSH and add your IP to the bypass list. Strange that you'd be getting blocked right off, you might check that your cache is cleared and even try another browser to see if that works for you.


    For everything related to using CSF, csf -h or ConfigServer Scripts Forum • Index page
     
  3. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hey Infopro !

    Thanks for answering. While trying to connect via ssham getting connection timed out and the trace route also note reaching the server. When I disables the firewall everything seems to be working again. I am pretty sure that a small change in the csf configuration will correct the issue. But what it is, that's what I would like to know.

    Any help appreciated !
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Have you added your IP to the bypass list? Your log might give some clue as to why you are being blocked.
     
  5. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hey Friends !

    It is practically not possible to white list all my clients IP's. Is there any solution for avoiding not getting blocked in the first attempt? It will be great to know a solution for this !
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You're going to have to be more precise than to just say on first attempt. First attempt at what? To login to webmail, cPanel, a website, what exactly. It was your IP that was blocked originally, and now it's all of your clients.

    This kind of vague issue is very hard to assist with.


    GL!
     
  7. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hey Friends,

    First attempt in SSH,webmail,cpanel etc. If I take the IP in browser itself the IP is getting blocked temporarily. I amn't here for any arguments . If some one knows the solution please post it here.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You'll need to check your logs and figure out why you're being blocked. There is no way anyone can tell you why you're being blocked and provide the solution to you.
     
  9. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    is that as vps ?set the csf to test mode
    down on csf appears a button Extra Check that iptables has the required modules to run csf should appears something like this
    Testing iptables...

    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK

    RESULT: csf should function on this server


    ...Done.

    You should restart csf after having run this test. check if you have any issues with kernel and iptables
     
  10. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello Planethost,

    Yea, it is giving the correct result and I could not find any issues with iptables and kernel.
     
  11. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello cPtechie,

    What does the lfd.log in /var/log state for the reason for the block?

    Also, again, please remember that CSF and LFD are not cPanel provided products. Their support forum is at http://forum.configserver.com/viewforum.php?f=6 location.

    Thanks.
     
  12. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
  13. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello,

    @ Tristan : It is showing as IP is blocked temporarily.
    @ k-planethost : Thanks for the suggestion. But I prefer CSF than APF. Lets see whether I can find a solution for this issue!
     
  14. nobodyk

    nobodyk Well-Known Member

    Joined:
    Aug 1, 2010
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Can you post your config file? You really haven't give us much to go by. Post the block reason, csf gives a block reason when it blocks an ip.

    Try and see if this helps:
    under port scanning, search for the textbox to exclude ports from being monitored. Insert the common ports: 80,21,443,25,etc.
     
    #14 nobodyk, Apr 15, 2011
    Last edited: Apr 15, 2011
  15. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello,

    Thanks for the suggestion. I will give it a try.

    As I said earlier, it is showing as temporarily blocked.
     
  16. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Can you post the actual log entry as requested? Also, have you posted on the CSF forum at this point yet? They are most definitely the experts on their product and it would be highly beneficial to post there.
     
  17. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    check plugins-mod security also to see if csf is blocking ips cause of mod security and for what reason

    maybe needs some rules triggering mod sec
     
  18. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello,

    Thanks guys !
     
  19. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Did you come right?

    The easy way around this would be to SSH into one of your other servers, then SSH into this server and add your own IP as safe (i.e. csf -a x.x.x.x). Then go through the emails to see why you were blocked.
     
Loading...

Share This Page