The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I went and got myself blocked - help please!

Discussion in 'General Discussion' started by qbacca, May 27, 2002.

  1. qbacca

    qbacca Member

    Joined:
    May 2, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I'm a CPanel newbie, so be nice...;)

    I know that there is a command, /usr/sbin/killroute that adds an IP address to some sort of &ignore& list.

    Well, somehow I have managed to get myself placed on that ignore list. I have broadband with a static IP, so I can't just renew my IP address.

    Where is this &ignore& list, and how do I get my IP address off of it??? Currently I do not have any access to my own webserver :(

    Thanks!
     
  2. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    /scripts/unblockip
     
  3. qbacca

    qbacca Member

    Joined:
    May 2, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    no go

    I just ran /scripts/unblockip, and I get:

    What ip do you want to unblock? XX.XXX.XXX.XXX
    SIOCDELRT: No such process

    Any other ideas or suggestions?
     
  4. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    what's in /etc/hosts.deny ?
    Your IP?
     
  5. qbacca

    qbacca Member

    Joined:
    May 2, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    hosts.deny is empty

    Other than a commented out message, hosts.deny is empty.

    I really appreciate your taking the time to help me... any other suggestions?

    Marc
     
  6. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    How are you deeming yourself &blacklisted& or &blocked& ?

    Can you connect to any service at all, on your machine?
    If not there is definitely something in the routing table on your server that is blocking you completely.
     
  7. qbacca

    qbacca Member

    Joined:
    May 2, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    No connections of any type

    I cannot connect in any way shape or form - I have tried ping, tracert, http, ssh, pop, smtp... I always get host not found, or host not available. For tracert, the last hop that is shown is the router right before the server.

    I don't think the router is the problem, as I can connect to other servers behind the same router.

    If I go to anonymizer.com I can get in to the server via http... my dialup allows me to connect, my partner can connect, and the various tracert tools around the internet can all connect...

    Thanks,
    Marc
     
  8. Mat

    Mat Well-Known Member

    Joined:
    Sep 26, 2001
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    You might check ipchains...


    ipchains -L

    If your listed in the input... You can flush it by:

    ipchains -F input
     
  9. jdatwood

    jdatwood Active Member

    Joined:
    May 10, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    IP chains not the prob

    That was tried 2 days ago. Not the prob unfortunately
     
  10. kwimberl

    kwimberl Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    take a look in /var/portsentry
     
  11. jdatwood

    jdatwood Active Member

    Joined:
    May 10, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    DIR doesn't exist

    I can't find
    /var/portsentry

    It's not listed....

    I was able to find
    /var/log/portsentry

    If I find the IP in one of these logs, how can I unban the IP via portsentry?
     
  12. kwimberl

    kwimberl Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    /var/portsentry is a directory. cd to it and it should be obvious from there.
     
  13. jdatwood

    jdatwood Active Member

    Joined:
    May 10, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    It might be on your server, but it's not on ours. Here is a list of my /var DIR

    root@draco [/var]# dir
    ./ autoinstall.tgz ftp/ lock/ nis/ run/ webmin/
    ../ cache/ kerberos/ log/ opt/ spool/ www/
    arpwatch/ cpanel/ lib/ mail@ preserve/ tmp/
    autoinstall/ db/ local/ named/ proftpd.pid tux/
    root@draco [/var]#
     
  14. qbacca

    qbacca Member

    Joined:
    May 2, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    re: /var/portsentry

    We definately do not have a /var/portsentry directory:

    root@draco [/]# cd /var/portsentry
    bash: cd: /var/portsentry: No such file or directory

    If it's supposed to be there, could that be the problem? Would an uninstall and reinstall of Cpanel help? (I'm a Windoze guy, so that's how my brain works ;-)


    (jdatwood and I are together, btw)
     
  15. kwimberl

    kwimberl Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    Go to your root dir and do:

    locate portsentry
     
  16. Dotcoms

    Dotcoms Active Member

    Joined:
    Dec 17, 2001
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Do the following:-

    vi /etc/portsentry/portsentry.conf

    Find the following lines:

    # 0 = Do not block UDP/TCP scans.
    # 1 = Block UDP/TCP scans.
    # 2 = Run external command only (KILL_RUN_CMD)

    BLOCK_UDP=&0&
    BLOCK_TCP=&0&

    Make sure the values are &0& else if you ping your box you will be blocked.

    Exit and save portsentry.conf

    Do:-

    /etc/rc.d/init.d/portsentry stop

    route del -n xxx.xxx.xxx.xxx (Your IP address)

    /etc/rc.d/init.d/portsentry start

    Hope that helps

    Steve
     
  17. Drake

    Drake Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Please tell... What did you do to get yourself blocked?

    ...And... what service(s) are you blocked from?

    Your IP could usually be being blocked from 2 different places:

    /var/portsentry/portsentry.blocked.tcp (and or blocked.udp)

    or /etc/hosts.deny

    You should first locate those files and see if your IP # is in there.
    If so, edit it and take your IP out of there.

    Hey.. if you're totally blocked, how are you even gaining telnet or ssh access to the box to even check if you have those files?

    If you can get in to shell access, you aren't blocked by your IP.

    Another thought: Are you remotely accessing the box from a static IP or from a dial up? Dial ups are usually not static, therefore you get a new IP every time you dial it up.
     
  18. qbacca

    qbacca Member

    Joined:
    May 2, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Problem solved - bug in cpanel?

    Ok, here's the deal -

    our server has 4 IP addresses, one in the 209.x.x.x block, and 3 from the 66.x.x.x block.

    There was something about the default ipaliases script that caused (I don't know exactly what - my network guy figured this out) all traffic from 66.*.*.* to be ignored.

    The fix was to SSH in and do

    service network restart

    This fixes the problem every time. So, every time we reboot the server, cpanel's ipaliases script runs, and kills traffic from 66.*.*.* - we do the service network restart, and I have access again.

    Weird bug? Who knows - I'm just glad I have access again.

    Marc
     
Loading...

Share This Page