Did BFD just put me out of business? Please help!

Discussion in 'General Discussion' started by dianaward, Jan 28, 2005.

  1. dianaward

    I've had APF on all web hosting servers for a bit, but after reading this forum and at the urging of my server lessor's forum, 4 nights ago I installed BFD on 4 servers. Set up each one the same, with the same ignored IPs.

    The next night I was working on one of them quite a bit, had to log out and back in, and was blocked. Since I didn't know whether something was damaged by what I had been working on or if it was BFD, it took me and the techs until the next morning to get me back into it. It also shut down ftp and file managers to any client who logged in more than twice. Things were back up and I was going to uninstall BFD when I was locked out again. Got warnings and block notices from BFD both times. Even the techs and datacenter can't get into either machine.

    For whatever it's worth, I have 2 servers in this datacenter, and the other 2 servers I installed BFD are in a different datacenter. The 2 at this data center have been down for 2 days now, and now the datacenter techs are telling me that both are so corrupted that they have to reinstall the OS and I have to pay. The 2 in the other datacenter are purring along fine. (Both the bad servers are Redhat, one in the other DC is also, the other is Fedora, if that makes a difference.)

    Does this make any sense? Could BFD have done this damage? I need to know so I can know how to deal with this, as I may wind up with no hosting customers if this continues.
     
  2. rs-freddo

    I doubt that BFD caused the problem - all BFD does is read the logs and if there are a certain number of failed logins for a certain IP then it tells APF to block the IP. APF simply adds a rule to IPChains. It's a very straightforward piece of software.

    If you are ever blocked your datacenter can easily get into your machine from the console - before APF loads (safe mode??). At ev1servers you can also login yourself via console and unblock your IP - as console bypasses APF.

    Sounds like your DC is bullshiXXing you.
     
  3. AndyReed

    Last week, two clients signed up with us having the same problem with APF and BFD. For some reason, the default built-in firewall, ipchains and iptables, got corrupted. Since it was free, their DCs formatted their HDs and re-installed their OSs from scratch.

    I'd urge anybody not to install APF and/or BFD unless they know what they are doing. If you need to protect your server, you can also use tripwire, mod_dosevasive, or mod_security.
     
  4. chirpy

    Whenever I've come across this situation, it's actually been APF anti-dos to blame. As rs-freddo said, APF and BFD are relatively straightforward and it is usually a matter of identifying (through the BFD logs and the server logs) what you did from that IP address that got yourself blocked. Invariably it is a misconfigured port checking utility, or login failures to a website that I see causing the problem with BFD.
     
  5. dianaward

    Well, I don't know what caused the problem, but they are charging me $75 per server to replace the OS, and then I will have to recreate all the sites from backups. If the backups aren't corrupted, that is. And I only installed it because the dc basically ordered me to get it.

    She says, sniveling softly.

    I don't intend to reinstall it, I can tell you that! Even with the normal problems with it, I don't want to be locked out of my own servers because cpanel won't log me into a control panel or my SSH client is being troublesome, or I just can't type today, (as happens often...thank God for the backspace key.)
     
    #5 dianaward, Jan 28, 2005
    Last edited: Jan 28, 2005
  6. AlaskanWolf

    in the future anytime you install apf / bfd you should type

    apf -a YOURIP

    that way your ip is on the allow list for apf
     
  7. ntwaddel

    I don't see how bfd or apf could have corrupted a system. They are both just perl scripts that do basic tasks
     
  8. dezignguy

    perl? heh, it looks like a shell script to me... and it's calling /bin/sh instead of /usr/bin/perl :D

    But yeah... it's scripting and with its fairly limited functions, i don't see how it could 'corrupt' a system either (many different uses/meanings for 'corrupt' though). I had a firewall (on windows though) blocking certain hard drive accesses and was causing problems because of it. So it's possible I suppose that APF blocked some sort of local communications and caused some bad things to happen... even though I doubt that could happen with the way linux is setup, and I think apf is fairly intelligent with regard to local addresses.

    I've been using APF on a Redhat Enterprise 3 server for around a year now and it seems quite fine (though admittedly, I'm a couple minor revisions behind the latest version.)

    And yeah, Alaskan Wolf has some good advice there too. Always add your ip (or /24 if you have a dynamic ip) to the exclude list so you can't ever be blocked.
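
The mechanism described in the posts above (count failed logins per IP from the logs, block once a threshold is reached, skip addresses on the ignore list) can be sketched as follows. This is an added example, not BFD's or APF's code and not part of any post; the OpenSSH-style log lines are constructed, and the threshold, function names and allow-list entries are assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Jan 28 02:11:01 host sshd[411]: Failed password for root from 203.0.113.7 port 4021 ssh2
Jan 28 02:11:03 host sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
Jan 28 02:11:05 host sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Jan 28 02:12:40 host sshd[420]: Failed password for owner1 from 198.51.100.25 port 5100 ssh2
Jan 28 02:12:44 host sshd[420]: Failed password for owner1 from 198.51.100.25 port 5101 ssh2
Jan 28 02:12:49 host sshd[420]: Failed password for owner1 from 198.51.100.25 port 5102 ssh2
Jan 28 02:13:02 host sshd[421]: Accepted password for owner1 from 198.51.100.25 port 5103 ssh2
Jan 28 02:14:10 host sshd[430]: Failed password for bob from 192.0.2.44 port 6000 ssh2
"""

# Matches failed-password lines only and captures the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")


def is_allowed(ip, allow_nets):
    """True if ip falls inside any allow-listed address or CIDR range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allow_nets)


def evaluate(log_text, threshold, allow_entries):
    """Return (to_block, spared): IPs at or over the threshold, split by allow list."""
    # strict=False lets a single address or a /24 be written the same way.
    allow_nets = [ipaddress.ip_network(e, strict=False) for e in allow_entries]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))  # ignore hostnames or garbage
        except ValueError:
            continue
        counts[m.group(1)] += 1
    over = sorted(ip for ip, n in counts.items() if n >= threshold)
    to_block = [ip for ip in over if not is_allowed(ip, allow_nets)]
    spared = [ip for ip in over if is_allowed(ip, allow_nets)]
    return to_block, spared


if __name__ == "__main__":
    print("no allow list:  ", evaluate(SAMPLE_LOG, 3, []))
    print("with /24 listed:", evaluate(SAMPLE_LOG, 3, ["198.51.100.0/24"]))
```

With an empty allow list the administrator's own three mistyped logins from 198.51.100.25 are treated exactly like the attacker's; with the /24 listed, only 203.0.113.7 is handed to the firewall.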
     
  9. dianaward

    You would think that adding my IP to both APF and BFD would have prevented it, I agree. But I did do that. I added it and the techs' as well. It must have been BFD, I guess, because it had been the only change on those machines, and one of them had been working fine for at least a year.

    On the older one I was blocked the first time I tried to access it after the install. No "unsuccessful log ins" at all.

    This has been a horror that has not only cost me the money I had to pay for the repair, but about $200 a month in income from fleeing customers. And, I guess since I refuse to pay my dc's techs to put it in again, if I'm ever hacked I'll be paying for that too, since they said servers not secured as they recommended would be liable if hacking occurred. I am very unamused by this. Spent basically all of 2 weeks dealing with nothing but getting 2 webservers and their sites working again, between crashing servers, datacenter changing IPs without bothering to tell me to change them on the server, messed up permissions on both new servers, and now this. For how much can one sell a web hosting business?
     
  10. ntwaddel

    well when you get blocked, can't you just ssh from a different ip?
     
  11. AndyReed

    It is very unfortunate that you ran into such problems with APF and BFD on your servers. These scripts are provided AS IS without any guarantee and you can use them at your own risk. These days everybody rushes to install different scripts/programs on their servers without making sure that these scripts/programs are 99.9% compatible with their OS distribution.

    We learn from our and others' mistakes. Sorry to hear about the money and time involved to solve your problem. It is just part of the business ordeal.

    Good luck :)
     
  12. dianaward

    Yes, I am aware of that. I'm not blaming anyone, it's just that I was very wary of the script, but so many said it was fine and I was so financially urged to install it. I mainly posted here to try to see if it really was likely that such a simple script could have done this damage, and perhaps as a warning to others to be very thoughtful about this. And probably also to have an ear to complain to, since my dc isn't sympathetic.

    I have plenty of experience with installing scripts, and, as I stated, installed the script working fine on 2 other servers (different datacenter, but all cpanel, 3 Redhat and one Fedora) at the same time that this happened. (I have removed BFD from those servers now, out of fear of a repeat performance.)

    So many people use BFD that I am sure it is basically a good script, but apparently on some server setups it can be dangerous.

    And no, I changed IPs, the techs changed IPs, the dc tried it, nobody could get in.
     
    #12 dianaward, Jan 30, 2005
    Last edited: Jan 30, 2005
  13. rs-freddo

    So many people use APF and BFD that I can only conclude you had a bad image from that DC.
     
  14. 3guys

    I agree BFD/APF work flawlessly for me, your problem must be something else.
     
  15. Jones

    It is not APF/BFD

    Like Chirpy said, there is nothing to do with apf/bfd.

    This is because you enabled anti-dos in apf. I had an experience to this already and anti-dos will block your clients when they try to access your server more than 5 times in a row or less. It will even block clients browsing your site if they keep on refreshing the site meaning abusing your site....

    Solution?

    Disable it. You can secure your server in some other way also. APF/BFD is fine as long as you configured it properly and it is very straightforward.

    Hope this helps.
     
  16. kris1351

    Have used BFD/APF/AD and other tools from Ryan for 3 years now without incident. BFD/APF didn't ruin your system plain and simple. There are other things that could have or it could have been a bad image. If you did get blocked out by APF/BFD/AD all you have to do is have your DC login via console and disable APF while you allow yourself access with iptables.
     
  17. dianaward

    That's what I have always thought and heard, but it's a strange coincidence that 2 servers went out at the same time in the same fashion, don't you think? One of them had been up and running fine for 2 years. The other was brand new. Both were running APF for some time before. Both became unreachable within a short time after I installed BFD. Scientific method says?
     
  18. gorilla

    Ditto for me too :D
    Strongly agree with kris1351, never had any probs with BFD/APF, maybe it was something else you were fiddling with?
     
  19. fusioncroc

    I've never personally had any problems with apf / bfd, it's been running fine for 1+ years
     
  20. rs-freddo

    Scientific method says that since the two servers in the other DC were running fine with BFD that it was NOT BFD but more likely something to do with the first DC.

    I would be very careful of running a server without a firewall and brute force blocking. Your server could be getting hammered and you wouldn't even know....
     