Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CSF : Getting blocked in first attempt !

Discussion in 'Security' started by LinuxTechie, Apr 11, 2011.

  1. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hey Buddies,

    In one of my server, csf is blocking my IP in the first attempt itself. It is getting blocked temporarily ! I am using the version 5.19 of csf. Is there any solution for this issue?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might try connecting to the server via SSH and add your IP to the bypass list. Strange that you'd be getting blocked right off, you might check that your cache is cleared and even try another browser to see if that works for you.


    For everything related to using CSF, csf -h or ConfigServer Scripts Forum • Index page
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hey Infopro !

    Thanks for answering. While trying to connect via ssham getting connection timed out and the trace route also note reaching the server. When I disables the firewall everything seems to be working again. I am pretty sure that a small change in the csf configuration will correct the issue. But what it is, that's what I would like to know.

    Any help appreciated !
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Have you added your IP to the bypass list? Your log might give some clue as to why you are being blocked.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hey Friends !

    It is practically not possible to white list all my clients IP's. Is there any solution for avoiding not getting blocked in the first attempt? It will be great to know a solution for this !
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You're going to have to be more precise than to just say on first attempt. First attempt at what? To login to webmail, cPanel, a website, what exactly. It was your IP that was blocked originally, and now it's all of your clients.

    This kind of vague issue is very hard to assist with.


    GL!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hey Friends,

    First attempt in SSH,webmail,cpanel etc. If I take the IP in browser itself the IP is getting blocked temporarily. I amn't here for any arguments . If some one knows the solution please post it here.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You'll need to check your logs and figure out why you're being blocked. There is no way anyone can tell you why you're being blocked and provide the solution to you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    8
    Trophy Points:
    68
    Location:
    Athens Greece
    is that as vps ?set the csf to test mode
    down on csf appears a button Extra Check that iptables has the required modules to run csf should appears something like this
    Testing iptables...

    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing ipt_owner/xt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK

    RESULT: csf should function on this server


    ...Done.

    You should restart csf after having run this test. check if you have any issues with kernel and iptables
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hello Planethost,

    Yea, it is giving the correct result and I could not find any issues with iptables and kernel.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello cPtechie,

    What does the lfd.log in /var/log state for the reason for the block?

    Also, again, please remember that CSF and LFD are not cPanel provided products. Their support forum is at http://forum.configserver.com/viewforum.php?f=6 location.

    Thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    8
    Trophy Points:
    68
    Location:
    Athens Greece
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hello,

    @ Tristan : It is showing as IP is blocked temporarily.
    @ k-planethost : Thanks for the suggestion. But I prefer CSF than APF. Lets see whether I can find a solution for this issue!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. nobodyk

    nobodyk Well-Known Member

    Joined:
    Aug 1, 2010
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    56
    Can you post your config file? You really haven't give us much to go by. Post the block reason, csf gives a block reason when it blocks an ip.

    Try and see if this helps:
    under port scanning, search for the textbox to exclude ports from being monitored. Insert the common ports: 80,21,443,25,etc.
     
    #14 nobodyk, Apr 15, 2011
    Last edited: Apr 15, 2011
  15. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hello,

    Thanks for the suggestion. I will give it a try.

    As I said earlier, it is showing as temporarily blocked.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Can you post the actual log entry as requested? Also, have you posted on the CSF forum at this point yet? They are most definitely the experts on their product and it would be highly beneficial to post there.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    8
    Trophy Points:
    68
    Location:
    Athens Greece
    check plugins-mod security also to see if csf is blocking ips cause of mod security and for what reason

    maybe needs some rules triggering mod sec
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. LinuxTechie

    LinuxTechie Well-Known Member

    Joined:
    Jan 22, 2011
    Messages:
    502
    Likes Received:
    5
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hello,

    Thanks guys !
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    993
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Did you come right?

    The easy way around this would be to SSH into one of your other servers, then SSH into this server and add your own IP as safe (i.e. csf -a x.x.x.x). Then go through the emails to see why you were blocked.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice