FTP causing global IP temp ban?

Discussion in 'Data Protection' started by bradatidi, Feb 11, 2009.

  1. bradatidi

    bradatidi Registered

    Hello,

    We are experiencing a problem with our server temporarily blacklisting our IP address. It happens under certain conditions which are easy to reproduce.

    One of our developers is trying to download the contents of one of our website accounts (hundreds of files and folders) using CoreFTP as the FTP client, and after it gets about halfway through, we suddenly lose access to our server (all ports, services, email etc.) and this lasts for roughly 5 minutes.

    I tried to do the same thing using CuteFTP and it did in fact produce the same result.

    I've spoken with our hosting company, Liquid Web, and talked with 3 different techs and none of them can determine exactly what is triggering this temporary IP ban.

    They sat with us on the phone and had us reproduce the problem, and they were able to see the IP blacklist entry and remove it but they couldn't pinpoint exactly what setting or service is responsible for adding the entry in the first place.

    We are using pure-ftpd as the FTP server.

    Any help is much appreciated.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Navigate to the File Manager, then onto your file system where that directory of files is located and click the name of the directory. Now at the top of the page click Compress. Next, log in via FTP and download and delete the compressed file you created.

    That'll work.

    If you have opened too many connections and your firewall (you don't mention what firewall you use) is set up to block too many connections, I think the result is what you are experiencing.

    There really is no reason to download a directory of files "unpacked" like that I don't think. Forget the too many connections problem, think of the time wasted.

    Pack it and download. ;)


    Good luck.
     
  3. bradatidi

    Thanks for your reply and your advice.

    I absolutely agree that the method I described is not the most efficient means of downloading a home directory backup. I also thought, however, that the server should be able to handle it regardless.

    What confuses me is that, if it were a "too many connections" issue, wouldn't the FTP server respond to his FTP client with a "Connection refused: Too many connections" type error? Instead, everyone in the office loses their ability to check e-mail and browse any websites that we have running on the server. It's like a global ban on our IP address that encompasses the whole server. I can't SSH to it during this lockout period either.

    For some employees, their entire job revolves around entering and modifying data in web forms running on the server. So whenever this happens, the whole office stops working while we wait for the IP block to be lifted.

    As for the firewall, I wish I had more information about it, but all I can tell you is that the Liquid Web tech mentioned something about APF but there is no firewall configuration of any kind listed anywhere in WHM.

    Is there some shell command I can type to get some information about the firewall?
     
  4. Infopro

    APF wouldn't be listed in WHM anywhere. You'll need to speak with whoever manages the server about your firewall/security setup to find out more.

    If it is APF (I don't use this firewall), the IP would be listed here I believe.
    /etc/apf/deny_hosts.rules

    You might try digging through the logs to find out more about how they got blocked. You should be able to do that by:


    grep ipa.ddr.ess.here /var/log/*
    grep ipa.ddr.ess.here /etc/httpd/logs/error_log

    Many including myself, use this firewall:
    http://www.configserver.com/cp/csf.html

    You can set your IP to bypass in its config and never be blocked again if you like. :)

    If you're downloading a home directory, skip the part about the File Manager and locate the Backups icon. In there click download a home directory backup. Problem solved.

    You mention it's a temp ban, I don't recall APF doing temp bans, but it's been a long time since I've used it.

    If you're not managing the server's security, you should get the person who is to look into this and explain it to you more. If they can't, well, then you should probably find a server with support that can.

    Whatever you do, downloading a directory of "(hundreds of files and folders)" is just plain nuts without compressing first. IMHO.
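
An exact-match version of the log search suggested in the post above, as an added example that is not part of the original post: it escapes the dots and rejects neighbouring digits, so the address being traced does not also match longer or look-alike addresses. The function names, sample deny list and log lines are constructed for illustration; on a real server, pass /etc/apf/deny_hosts.rules and the files under /var/log instead.

```shell
#!/bin/sh
# Added example: find exact occurrences of one IPv4 address in firewall
# rule files and logs. All file contents below are constructed sample data.

# find_ip IP FILE... -> prints "file:line:text" for each exact match.
# Dots are escaped so they match literally, and the address must not be
# preceded or followed by a digit or dot, so 203.0.113.7 does not match
# 203.0.113.70, 203.0.113.77 or 203x0x113x7.
find_ip() {
    ip=$1; shift
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    grep -HnE "(^|[^0-9.])${pat}([^0-9.]|\$)" "$@" 2>/dev/null
}

# count_ip IP FILE... -> number of matching lines across all files.
count_ip() {
    find_ip "$@" | wc -l | tr -d ' '
}

# Constructed stand-ins for a deny list and a system log.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/deny_hosts.rules" <<'EOF'
# constructed sample deny list
203.0.113.70
203.0.113.7
EOF

cat > "$demo_dir/messages" <<'EOF'
Feb 11 10:02:11 host kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 DPT=21
Feb 11 10:02:12 host kernel: IN=eth0 SRC=203x0x113x7 DST=198.51.100.5 DPT=21
Feb 11 10:02:13 host kernel: IN=eth0 SRC=203.0.113.77 DST=198.51.100.5 DPT=21
EOF

# Show where the traced address appears: one deny-list entry, one log line.
find_ip 203.0.113.7 "$demo_dir/deny_hosts.rules" "$demo_dir/messages"
```

A hit in the deny list confirms the block itself; the timestamp on the matching log line is what to correlate against the moment the FTP transfer stalled.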
     
  5. bradatidi

    Thanks again for your reply.

    I tried adding our IP to /etc/apf/allow_hosts.rules

    We are still experiencing the problem.
     