The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Customer's IP Blocked?

Discussion in 'General Discussion' started by niatech, May 11, 2005.

  1. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Hi All,

    A customer has reported that they cannot access any sites on either of my two servers, but have no problem viewing other sites on the internet.

    Now I have iptables blocking some ip's that I have identified as hack attempts, but his IP is NOT in that list. I've also checked portsentry and have not found it there.

    Does CPanel have some other way of blocking IP's?

    Thanks!!
     
  2. nickb

    nickb Well-Known Member

    Joined:
    Feb 25, 2005
    Messages:
    347
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Are you using apf or some other third party firewall.
     
  3. pshepperd

    pshepperd Well-Known Member

    Joined:
    Feb 12, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Please ask that client to ping your site, and make sure he is resolving the correct IP, you may have dns issues, or his DNS may be cached.

    Did you recently move a site, or re-arrange DNS?


    ---Uh, thats a forum bug, i posted after him and my post is above his?
     
  4. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    No, not yet. Basically I check logwatch every morning and add iptables -j DROP rules.
     
  5. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    pshep: yes i see the forum bug, hmm ;)

    regarding your post, yes I will have him try to ping and see what is coming back.

    Thanks!
     
  6. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    DNS is coming back properly. Have to continue testing :(
     
  7. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    I would also check /etc/hosts.deny, and (just for my own sanity) take another look at the iptables using -L -n (the -n will show you the raw ip numbers). Keep us posted.
     
  8. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Both negative. I'm having him try a traceroute now. I think there is something else going on here.

    I even tried flushing all the iptables INPUT rules and he still couldn't access.

    Thank you everyone for all your help so far, does anyone else have any fresh ideas?
     
  9. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    - Never hurts to take a look at the domain under http://www.dnsreport.com/ for any errors.
    - Knowing the results of his tracert will be helpful. Is this a newly registered domain? Is it possible its still propogating through the 'net? And are the nameservers for the domain defined correctly at the registrar where it is registered?
     
  10. niatech

    niatech Well-Known Member

    Joined:
    Feb 20, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    The tracert is leading me to believe that something else is up, either client-side firewall or hardware/network problems. It looks like this:

    Tracing route to google.com (216.239.57.99)
    over a maximum of 30 hops:

    1 * * * Request timed out
    2 58 ms 15 ms 18 ms 67.21.129.185
    3 * * * Request timed out
    4 * * * Request timed out
    5 * * * Request timed out
    6 * * * Request timed out
    7 * * * Request timed out

    The domain is not new and the other 10 people who use email for that domain are not experiencing issue, neither are the other 100 users on the server. I think that the problem is on his side, but I thought I'd make sure by asking the question here.
     
  11. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    Definately an issue on "their" side. If they are in an office environment, they should contact their IT staff. If not, I would have them contact their ISP. Could be lots of different things.
     
Loading...

Share This Page